Hi, as stated in the title, I have a program that triggers IOA access token manipulation.
I'd like to exclude this program (and maybe others) from this IOA alert, is it possible?
Thanks by advance.
If the program is authorized, you should hopefully not be seeing this. Can you please open a support case if you haven't done so already (you can do so via the support center link at the top of this page.)
If possible, please include the output from psinfo in that case:https://learn.microsoft.com/en-us/sysinternals/downloads/psinfo
WatchGuard Customer Support
Thanks for the tip, I didn't try to add it to exclusions cause I thought IOA worked outside of those configurations.
I'll come back to you if anything more is needed.