Administration Guide

Exclusion Manager


The Exclusion Manager enables you to define which processes, files, or domains are excluded from Security Policies monitoring. Three types of exclusions can be defined in the Exclusion Manager:

  • (PC only) Process Exclusions: This type of exclusion specifies that EDR does not inspect the actions performed by specific processes, so that these processes do not trigger security events. The excluded processes are identified by their attributes, according to your definitions.

    There may be various reasons for excluding a process in this manner. For example, EDR's inspection may affect a process's performance or functionality even though the customer knows that the process is safe (this example is relevant even when the process does not trigger security events). In this case, the exclusion specifies that EDR no longer inspects the specified processes.

    Note that adding this type of exclusion excludes the process from monitoring by all EDR features, and all activities of the process are ignored.

  • Execution Prevention Exclusions: The Execution Prevention policy scans files and blocks their execution if they are identified as malicious or suspected to be malicious. Execution Prevention Exclusions specify that EDR does not apply the Execution Prevention policy inspection, which analyzes files to find evidence of malicious activity, as described in Profiles. The excluded files are identified by the attributes of the files that are the target of the Execution Prevention actions, according to your definitions.

  • (Mobile only) Domain Exclusions: The Malicious URL/IP Detected policy scans URLs and domains and blocks connections to them if they are identified as malicious or suspected to be malicious. Domain Exclusions specify that EDR does not apply the Malicious URL/IP Detected policy inspection. The excluded domains are identified according to your definitions.

To manage exclusions:

Select Profiles > Security > Exclusion Manager. The following window displays, showing the list of previously created exclusions:

The list of exclusions in the Exclusion Manager page contains the following columns:

| Column | Description |
|---|---|
| Checkbox | Enables you to select multiple rows. |
| Icon | Represents the type of exclusion: Process, Execution Prevention, or Domain. |
| SOURCE ATTRIBUTES | Specifies the attributes that were defined in order to identify the Process/File/Domain, as described in Defining exclusions. |
| OS | Specifies the operating system to which the exclusion applies. |
| LAST UPDATED | Specifies when this exclusion was last updated and by whom. |
| STATE | Specifies whether this exclusion is enabled or disabled. |
| | Edit and delete exclusion tools. |

The following actions can be performed in the Exclusion Manager page:
