Skip Navigation

Create a detection exception

To reduce false positives or duplicate events in your detection results, you can create exceptions for detection rules. When you create a detection exception, the specified processes will not be evaluated by the
detection engine. Use caution when you create detection exceptions, because they have the potential to reduce the overall security of devices.
If you create and enable a rule exception that uses only RegEx matches for conditions, it may cause higher than normal CPU usage on some systems with a consistently high number of events, due to the rule exception running on every event. If you encounter this issue,
recommends disabling the rule exception that uses RegEx matches for conditions.
  1. In the management console, on the menu bar, click
    CylanceOPTICS > Configurations
  2. On the
    tab, click
    Create Exception
  3. Type a name for the detection exception.
  4. In the
    section, configure exception conditions. Click
    Add Another Condition
    to configure additional exceptions.
    In a detection exception, an AND statement is applied to all conditions. All conditions must be met for the exception to be true. When you specify a value for a condition, it is treated as an ANY statement. When two or more values are added, if any of the values exist, the condition is true.
  5. Click
On the menu bar, click
CylanceOPTICS > Configurations
, then click the
Rule Sets
tab. Edit a detection rule set and assign the detection exception to the desired rules. Click