Hi, I've made the changes in the config file but the alerts are still coming through. I've checked the AV folders and they are correct. Please help?
EXCLUSION FILE
This file filters events received by Aurora Agent based on the originating process's image.
Each line should contain a single regular expression. Empty lines or lines that start with # are ignored.
If a process's image matches any regular expression, all events originating from it will be discarded.
Example: Suppress all events from an AV installation folder
^C:\Program Files\My Antivirus
Exclude all processes under Bitdefender Agent and Bitdefender folder
IMAGE: C:\Program Files\Bitdefender Agent.*
IMAGE: C:\Program Files\Bitdefender.*
Optional: Exclude specific Bitdefender processes (these are covered by the general regex above, but can be left here for clarity)
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security\downloader.exe
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
IMAGE: C:\Program Files\Bitdefender Agent\27.0.1.287\WatchDog.exe
FALSE POSITIVE FILE:
This file filters log messages for Aurora Agent.
Each line should contain a single regular expression. Empty lines or lines that start with # are ignored.
If a log entry (formatted with the default formatter, like in the log file or the command line), matches any regular
expression, that log entry will be suppressed.
Example: Suppress matches on executables from a specific Program folder
IMAGE: C:\Program Files\my legitimate anomaly
Exclude all log entries related to Bitdefender processes (image and command line)
IMAGE: C:\Program Files\Bitdefender.*
IMAGE: C:\Program Files\Bitdefender Agent.*
Optional: Specific Bitdefender process exclusions (covered by the general regex above, but for clarity)
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security\downloader.exe
IMAGE: C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
IMAGE: C:\Program Files\Bitdefender Agent\27.0.1.287\WatchDog.exe
Add CommandLine-based exclusions (to filter Bitdefender-related command line processes)
COMMANDLINE: C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
COMMANDLINE: C:\Program Files\Bitdefender\Bitdefender Security\downloader.exe
COMMANDLINE: C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
SAMPLE EVENT INFO
Event Info
Match_Strings | ImageLoaded\log.dll | ImageLoaded | \log.dll -- | -- | -- | -- \log.dll C:\Program Files\Bitdefender\Bitdefender Security App\log.dll "C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe" Bitdefender NDPC {00000000-0000-0000-0000-000000000000} 0x7FFA5AC00000 BitDefender Loger 5 21276 21280 01d02h26m10s 2024-11-05T18:17:35 4.946.24.1 MD5=93ED86C448E809A0EC6CC6CBBC8F9018,SHA1=3EEEAD4610D4AF06DDA425F37F9B8BD72AD040CD,SHA256=FFD3278179E7BFCC813D73B967A7C8F0DC8EC55636E6A889F9F39019518F01FC,IMPHASH=19AA058CC80B70D3F2DC9262CD974F6A C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe 0x7FFA5AC00000 421530 \Device\HarddiskVolume5\Program Files\Bitdefender\Bitdefender Security App\log.dll 0x5F000 0x8000000000000040 4 Sigma 0 Log.dll 21276 Bitdefender Security {22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716} Microsoft-Windows-Kernel-Process S-1-5-21-2673822975-379832767-79179760-1001 5 2024-11-06T20:43:43.0470599+10:00 1726562686 2024-09-17T18:44:46 0 22631 7 notice Sigma match found 2024-11-06T20:43:46+10:00
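An added example, not part of the original post and not Aurora code: a small checker that applies the file rules quoted above (one regex per line, blank and `#` lines ignored) and reports, for each pattern, whether it compiles and whether it matches a bare image path or a log entry. Assumptions: Python's `re` stands in for Aurora's regex engine, the pattern file and the log line are constructed for illustration (the real default-formatter output may differ), and the first pattern is typed as it is rendered on this page.

```python
import re

# Constructed pattern file: line 2 as rendered on the page, lines 4-5 are
# variants with escaped backslashes, with and without the "IMAGE: " prefix.
PATTERNS = r"""# constructed sample file
IMAGE: C:\Program Files\Bitdefender.*

IMAGE: C:\\Program Files\\Bitdefender.*
^C:\\Program Files\\Bitdefender
"""

# Image path taken from the sample event on the page.
IMAGE_PATH = r"C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe"
# Constructed log entry; the real formatter's layout is an assumption.
LOG_LINE = r"Sigma match found IMAGE: " + IMAGE_PATH


def load_patterns(text):
    """Yield (line_no, pattern), skipping empty lines and '#' comments."""
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s and not s.startswith("#"):
            yield n, s


def check(text, subject):
    """Return (line_no, pattern, verdict) for every pattern in the file."""
    results = []
    for n, pat in load_patterns(text):
        try:
            rx = re.compile(pat)
        except re.error:
            # e.g. a single backslash before 'P' is read as a regex escape
            results.append((n, pat, "invalid"))
            continue
        verdict = "match" if rx.search(subject) else "no match"
        results.append((n, pat, verdict))
    return results


if __name__ == "__main__":
    for name, subject in (("image path", IMAGE_PATH), ("log entry", LOG_LINE)):
        print(f"--- tested against {name}")
        for n, pat, verdict in check(PATTERNS, subject):
            print(f"line {n}: {verdict:8}  {pat}")
```

Under these assumptions, a pattern that begins with `IMAGE: ` can only match text that contains that label, so it does nothing when the subject is the bare image path, and a path written with single backslashes does not compile as a regular expression at all.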