Document what exceptions users should add to other AV products for Endpoint #3535
Assignees
Labels
Comments
|
cc @roxana-gheorghe @caitlinbetz @nfritts for visibility |
|
Thank you for creating the Doc Issue. |
|
I updated the comment with them. But I don't think we should give advice to create trusted application entries in other products based solely on process name rather than full path and ideally digital signature on Windows and macOS as well. |
This was referenced Aug 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Most AV products contain a feature like Endpoint's Trusted Applications. We document for users how to add entries to Endpoint for other AV products Endpoint shouldn't monitor. We should also document what values for Endpoint they should add to other AV product's "trusted apps". I don't mean how to add them, I just mean what Endpoint's paths and signatures are.
Notes
We recommend users using both the file path and digital signature in the third party AV product to identify Endpoint if possible. Spaces/formatting is important for the signature values.
Windows
c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe(executable)elastic-endpoint.exec:\Windows\system32\drivers\elastic-endpoint-driver.sys(ELAM driver)c:\Windows\system32\drivers\ElasticElam.sys(driver)Elasticsearch, Inc.Elasticsearch B.V.(a secondary signature that may not continue to be used)More detailed notes for Windows are in the elastic/endpoint repo
macOS
/Library/Elastic/Endpoint/elastic-endpoint(executable)elastic-endpoint/Applications/ElasticEndpoint.app/(system extension, recursive directory structure)co.elastic.systemextensionElasticsearch, Inc (2BT3HPN62Z)(Authority/Developer ID Application)2BT3HPN62Z(Team ID)Linux
/opt/Elastic/Endpoint/elastic-endpoint(executable)elastic-endpointThe text was updated successfully, but these errors were encountered: