App Control: What process paths should be excluded in KernelProcessExclusions for Windows Defender?

Article ID: 286530


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What process paths should be used in a Kernel Exclusion for Windows Defender?

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions
  • Windows: All Supported Versions

Resolution

Because environments differ, a specific set of logs is required to validate which paths/operations are necessary:
  1. Verify Windows Defender has all Agent Exclusions entered.
  2. Collect the Agent Performance Logs.
  3. Create a ticket with Carbon Black Support.
  4. Upload the collected logs to the Vault for review.

Additional Information

  • The Agent Exclusions must already be in place in Windows Defender before the Kernel Exclusions are added; this prevents Agent instability/corruption.
  • There are multiple versions of Windows Defender, and Kernel Exclusions should only be added for paths that currently exist/are in use in the environment.
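
A pre-check for step 1 and for the "paths that currently exist" point above, as an added example that is not Carbon Black's own tooling. The `<...>` values are placeholders to be filled from the Agent exclusion list for your Agent version, and the two `MsMpEng.exe` locations are assumptions based on Defender's usual install layout.

```powershell
# Added example. Run from an elevated PowerShell session on the endpoint.
function Get-MissingDefenderExclusion {
    param(
        [string[]]$Expected,    # exclusions that should be present
        [string[]]$Configured   # exclusions Defender currently reports
    )
    # Non-elevated sessions get an "N/A: Must be an administrator..." string
    # instead of the real list, which would make every entry look missing.
    if ($Configured -match '^N/A') {
        throw 'Defender hides exclusions from non-administrators; re-run elevated.'
    }
    # Compare case-insensitively and ignore trailing backslashes.
    $have = @($Configured | Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() })
    $Expected | Where-Object { $have -notcontains $_.TrimEnd('\').ToLowerInvariant() }
}

# Placeholders: replace with the documented Agent exclusions.
$ExpectedPaths     = @('<AGENT_INSTALL_DIR>', '<AGENT_DATA_DIR>')
$ExpectedProcesses = @('<AGENT_SERVICE_EXE>')

$pref = Get-MpPreference
$missingPaths = Get-MissingDefenderExclusion -Expected $ExpectedPaths `
    -Configured $pref.ExclusionPath
$missingProcs = Get-MissingDefenderExclusion -Expected $ExpectedProcesses `
    -Configured $pref.ExclusionProcess

# Inventory which Defender engine binaries exist on this host (assumed locations).
$candidates = @(
    "$env:ProgramFiles\Windows Defender\MsMpEng.exe",
    "$env:ProgramData\Microsoft\Windows Defender\Platform\*\MsMpEng.exe"
)
$onDisk = Get-Item -Path $candidates -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

# The WinDefend service image path shows which copy is actually in use.
$svc   = Get-CimInstance Win32_Service -Filter "Name='WinDefend'"
$inUse = if ($svc) { $svc.PathName.Trim('"') }

[pscustomobject]@{
    MissingPathExclusions    = $missingPaths
    MissingProcessExclusions = $missingProcs
    DefenderBinariesOnDisk   = $onDisk
    DefenderServiceImagePath = $inUse
} | Format-List
```

Empty "Missing" fields mean step 1 is satisfied; the on-disk and in-use paths are useful context to attach to the Support ticket alongside the Agent Performance Logs.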