Requirement: Suppress events related to SONAR (type_id 4100) for a specific file path.
Example:
powershell.exe executed file "D:\ABC\XXXXX\abc.ps1"
A SONAR detection with type_id 4100 appears in the Symantec Endpoint Protection (SEP) logs and the Endpoint Detection and Response (EDR) logs.
The recorder rules don't control the submission events.
Bash/IPS/SDS Pings and RRS (4100, 4098/4100/4096) are different from the FDR events (8xxxx), which are controlled by the recorder policy.
Since the SEPM private cloud policy is configured to point to SEDR, the submissions will be sent by SEDR.
In the current EDR design, you cannot suppress events related to SONAR type_id 4100 for a specific file path.
SONAR events are all or none: they can only be disabled together, by disabling "Send pseudonymous data to Symantec to receive enhanced threat protection intelligence".
As an option, you can exclude the target directory in SEPM.
Submissions for the ps1 files will be dropped; however, the 4100 detections for PowerShell will still remain for the reasons mentioned above.