This document describes the best practices to locate and create exclusions on the Secure Endpoint.
Contributed by Cisco Engineers.

Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
A working knowledge of the customer environment.
The information in this document is based on Windows, Linux and MacOS operating systems. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information
How to understand Exclusions
An exclusion set is a list of directories, file extensions, or threat names that you do not want the Secure Endpoint Connector to scan or convict. Exclusions are a necessity to ensure a balance of performance and security on a machine when endpoint protection such as Secure Endpoint is enabled. Every environment is unique, as is the entity which controls it, varying from stringent to open policies, where the latter would be classified as a honeypot. This article describes exclusions for Secure Endpoint Cloud, TETRA, SPP, and MAP. As such, the exclusions that are defined must be uniquely tailored to each situation.
Different exclusions can be categorized in two ways: obvious exclusions and indistinct exclusions.
Obvious Exclusions are exclusions that have been created based on research and testing of commonly used operating systems, programs, and other security software. These exclusions can be found on the Cisco-Maintained Exclusion List in your console.
Note: It is recommended to contact other Anti-Virus (AV) vendors and request their recommended exclusions to be added; this ensures that Secure Endpoint and the AV function in tandem and also minimizes performance impact.

It is recommended to create a duplicate policy to avoid business security concerns and disruptions, to identify Computers with performance issue indicators, and to separate them into a group that uses this duplicate policy.
Caution: Configuration changes on the dashboard require time to allow connectors to sync the policy. Please allow for a heartbeat update or manually sync the policies on the connectors.
Secure Endpoint Console > Management Tab > Policies.
Select the operating system from the drop-down menu.
Provide a meaningful name that allows you to distinguish this policy, and a description (optional).
Select the policy actions to your requirements; use the default exclusions for now.
Important: In Advanced Settings > Administrative Features, set the Connector log level to Debug.
Click Save to complete the policy creation.
Secure Endpoint Console > Management Tab > Groups.
Provide a meaningful name that allows you to distinguish this group, and a description (optional).
Select the duplicate policy you have created.
Click Save to complete the group creation.
After the duplicate policy and group creation, with the debug log level on the connectors, run the Computers as per normal business operations. Allow time to obtain sufficient connector log data while programs and processes have been accessed, then generate a support diagnostic bundle to review and identify exclusions.
Guide to create diagnostic bundles for different operating systems available:
Extract the compressed debug diagnostic bundle.
The file fileops.txt lists the paths where file create, modify and rename activities triggered Secure Endpoint to perform file scans. Each path has an associated count that indicates how many times it was scanned, and the list is sorted in descending order.
31 /Users/eugene/Library/Cookies/Cookies.binarycookies
/Library/Application Support/Apple/ParentalControls/Users/eugene/0-usage.data
/Users/eugene/Library/Cookies/ist
/Users/eugene/Library/Metadata/CoreSpotlight/index.spotlightV3/
/Users/eugene/Library/WebKit//WebsiteData/ResourceLoadStatistics/full_browsing_session_ist
/private/var/db/locationd/ist
/Users/eugene/.dropbox/instance1/config.dbx
/Library/Catacomb/DD94912/biolockout.cat
/private/var/db/locationd/.4tq

Windows
While a high count does not necessarily mean the path should be excluded (e.g., a directory that stores e-mails may be scanned often but must not be excluded), the list provides a starting point to identify exclusion candidates. The Windows operating system is more complicated, and more exclusion options are available due to the parent and child processes. This indicates that a deeper review is required to identify not only the files which had been accessed, but also the programs which generated them. Please refer to the Windows Tuning Tool on Cisco Security's GitHub page to obtain more details about how to analyze and optimize Windows performance with Secure Endpoint.
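The fileops.txt review described above, as an added example that is not part of the Cisco article: it parses a constructed fileops.txt (assumed format "count path" per line, sorted descending) and rolls the scan counts up by directory prefix so whole-directory exclusion candidates stand out, while flagging prefixes on a hypothetical must-not-exclude list such as an e-mail store.

```python
# Added example (not from the Cisco article): rank fileops.txt entries from a
# Secure Endpoint diagnostic bundle by directory. Assumes "<count> <path>" lines.
from collections import Counter

# Constructed sample modelled on the article's listing; the counts are made up.
SAMPLE_FILEOPS = """\
31 /Users/eugene/Library/Cookies/Cookies.binarycookies
29 /Library/Application Support/Apple/ParentalControls/Users/eugene/0-usage.data
28 /Users/eugene/Library/Cookies/ist
27 /Users/eugene/Library/Metadata/CoreSpotlight/index.spotlightV3/
26 /Users/eugene/Library/Mail/V9/MailData/Envelope Index
9 /private/var/db/locationd/ist
9 /Users/eugene/.dropbox/instance1/config.dbx
8 /private/var/db/locationd/.4tq
garbled line without a count
"""

# Directory prefixes that must never be excluded even if scanned often
# (the article's e-mail store caveat); hypothetical values.
NEVER_EXCLUDE = ("/Users/eugene/Library/Mail",)


def parse_fileops(text):
    """Return [(count, path), ...], skipping blank or malformed lines."""
    entries = []
    for line in text.splitlines():
        count, _, path = line.strip().partition(" ")
        if count.isdigit() and path:       # paths themselves may contain spaces
            entries.append((int(count), path))
    return entries


def rollup_by_directory(entries, depth=4):
    """Sum scan counts per directory prefix of at most `depth` components."""
    totals = Counter()
    for count, path in entries:
        parts = [p for p in path.split("/") if p]
        totals["/" + "/".join(parts[:depth])] += count
    return totals.most_common()        # highest total first


def candidates(entries, depth=4, min_total=20):
    """Prefixes worth reviewing as (prefix, total, must_not_exclude)."""
    return [(prefix, total, prefix.startswith(NEVER_EXCLUDE))
            for prefix, total in rollup_by_directory(entries, depth)
            if total >= min_total]


if __name__ == "__main__":
    for prefix, total, blocked in candidates(parse_fileops(SAMPLE_FILEOPS)):
        print(f"{total:5d}  {prefix}{'  (do not exclude)' if blocked else ''}")
```

Lowering `depth` merges siblings into broader prefixes, which also shows why a broad exclusion can silently swallow a directory that must stay scanned.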