Welcome.
This video will cover: How to Add Dell Endpoint Security Suite Enterprise Memory Protection Exclusions. After you have logged on to your Dell Security Management Server administration console these policies are located in "Populations", Enterprise, the "Threat Prevention" subheading, Advanced Threat Prevention. Once you have arrived at the "Advanced Threat Prevention" page, click "Show advanced settings".
Then, scroll down to the "Memory Action" section. Memory Protection watches for certain hardcoded behaviors considered to be indicative of a compromise. Whenever such a behavior is detected, an event is communicated to the service before the hook API function is allowed to complete.
In some cases, your organization may have executables you know to be safe, but they are being blocked or terminated by "Memory Protection". In these cases, the "Exclude executable files" policy allows for executables to run even when they perform actions that the "Advanced Threat Prevention" plugin may deem inappropriate or questionable.
In the "Memory Action" section, to add exclusions, these are the policies that must be set. Memory Protection Enabled needs to be checked. Enable Exclude executable files needs to be checked and the "Exclude executable files" editable text field needs to have the exclusions added using the relative path of the executable file.
Be sure to exclude the drive letter from the path. In this example of a relative path \Application\SubFolder\[EXECUTABLE].exe, it would apply to both C:\Program Files\Application\SubFolder\[EXECUTABLE].exe and D:\Test\Application\Subfolder\[EXECUTABLE].exe. Warning: Use caution when adding generic relative paths, as it could potentially weaken your environment's security posture.
Here are some examples of relative paths for Mac and Windows. Here is some additional information you need to know about the editable text field for "Exclude executable files". Folder exclusions do not support network paths, wildcards, or special characters.
Enclose an exclusion in quotation marks if any of the following characters are used: a comma (,), brackets ([...]), or a tilde (~). Once you have completed your changes, click "Save". Then commit your policies.
Thank you for watching this video on How to Add Dell Endpoint Security Suite Enterprise Memory Protection Exclusions. If you need additional assistance, you can contact Dell Support using the information shown on the screen.
