Create a detection exception
To reduce false positives or duplicate events in your detection results, you can create exceptions for detection rules. When you create a detection exception, the specified processes will not be evaluated by the
Opticsdetection engine. Use caution when you create detection exceptions, because they have the potential to reduce the overall security of devices.
- In the management console, on the menu bar, clickCylanceOPTICS > Configurations.
- Hover overConfigurationson the top menu bar and clickDetection Exceptions.
- ClickCreate Exception.
- Type a name for the detection exception.
- In theConditionssection, configure exception conditions. ClickAdd Another Conditionto configure additional exceptions.In a detection exception, an AND statement is applied to all conditions. All conditions must be met for the exception to be true. When you specify a value for a condition, it is treated as an ANY statement. When two or more values are added, if any of the values exist, the condition is true.
On the menu bar, click
CylanceOPTICS > Configurations, then hover over
Configurationson the top menu bar and click
Detection Rule Sets. Edit a detection rule set and assign the detection exception to the desired rules. Click