Options

exclude a program from IOA token alerts

watchbardwatchbard
in WatchGuard EPDR/EDR/EPP

Hi, as stated in the title, I have a program that triggers IOA access token manipulation.
I'd like to exclude this program (and maybe others) from this IOA alert, is it possible?

Thanks by advance.

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @watchbard
    If the program is authorized, you should hopefully not be seeing this. Can you please open a support case if you haven't done so already (you can do so via the support center link at the top of this page.)

    If possible, please include the output from psinfo in that case:
    https://learn.microsoft.com/en-us/sysinternals/downloads/psinfo

    -James Carson
    WatchGuard Customer Support

  • Options
    watchbardwatchbard

    Thanks for the tip, I didn't try to add it to exclusions cause I thought IOA worked outside of those configurations.

    I'll come back to you if anything more is needed.

Sign In to comment.