Adding exclusions from the Adaptive Anomaly Control rules

The Add Exclusion Wizard allows you to add exclusions from the Adaptive Anomaly Control rules for Kaspersky Endpoint Security.

You can start the Wizard through one of the three procedures below.

To start the Add Exclusion Wizard through the Adaptive Anomaly Control node:

1. In the console tree, select the node of the required Administration Server.
2. Select Triggering of rules in Smart Training state (by default, this is a subfolder of Advanced → Repositories).
3. In the workspace, right-click an element (or several elements) in the list of detections and select Add to exclusions.

   You can add up to 1000 exclusions at a time. If you select more elements and try to add them to exclusions, an error message is displayed.

The Add Exclusion Wizard starts.

You can start the Add Exclusion Wizard from other nodes in the console tree:

• Events tab of the main window of the Administration Server (then the User requests option or Recent events option).
• Report on Adaptive Anomaly Control rules state, Detections count column.

Step 1. Selecting the application

This step can be skipped if you have only one Kaspersky Endpoint Security for Windows version and do not have other applications that support the Adaptive Anomaly Control rules.

The Add Exclusion Wizard shows the list of Kaspersky applications whose management plug-ins allow you to add exclusions to the policies for these applications. Select an application from this list and click Next to proceed to selecting the policy to which the exclusion will be added.

Step 2. Selecting the policy (policies)

The Wizard shows the list of policies (with policy profiles) for Kaspersky Endpoint Security.

Select all the policies and profiles to which you want to add exclusions and click Next.

Step 3. Processing of the policy (policies)

The Wizard displays a progress bar as the policies are processed. You can interrupt the processing of policies by clicking Cancel.

Inherited policies cannot be updated. If you do not have the rights to modify a policy, this policy will not be updated either.

When all the policies are processed (or if you interrupt the processing), a report appears. It shows which policies were updated successfully (green icon) and which policies were not updated (red icon).

This is the last step of the Wizard. Click Finish to close the Wizard.