EDR exclusions
For GYTPOL to operate without interference from antivirus/endpoint detection and response (AV/EDR) scans, specific paths must be excluded from scanning. Excluding these paths can prevent issues with scans, reports, and false positive alerts in SIEM systems. The recommended exclusions for the GYTPOL server and the GYTPOL client are listed below.
For GYTPOL Server: Exclude the following path from AV/EDR scans:
C:\gytpol\*
For GYTPOL Client: Exclude the following paths from AV/EDR scans:
C:\windows\installer\*\gytpolClient.exe
C:\windows\temp\gytpol*
C:\Program Files\WindowsPowerShell\Modules\gytpol\*
C:\Windows\System32\WindowsPowerShell\Modules\gytpol\* (Windows 7 and Server 2008 only)
Keeping these exclusions in place helps prevent disruptions to GYTPOL's functionality, supports accurate reporting and analysis, and avoids unnecessary alerts or errors.
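One way to confirm that the exclusions above are actually in place on a host, as an added example that is not GYTPOL's own code. It assumes Microsoft Defender Antivirus is the AV in use (other AV/EDR products manage exclusions in their own console, and how each product interprets `*` should be confirmed there); the `-Role` and `-Fix` parameters are hypothetical names chosen for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example, not GYTPOL code. Assumes Microsoft Defender Antivirus.
param(
    [ValidateSet('Server', 'Client')]
    [string]$Role = 'Client',   # hypothetical parameter: GYTPOL role of this host
    [switch]$Fix                # hypothetical switch: add what is missing
)

# Paths copied from the lists above. The System32 entry for Windows 7 and
# Server 2008 is left out: this sketch targets hosts with the Defender module.
$recommended = @{
    Server = @('C:\gytpol\*')
    Client = @(
        'C:\windows\installer\*\gytpolClient.exe'
        'C:\windows\temp\gytpol*'
        'C:\Program Files\WindowsPowerShell\Modules\gytpol\*'
    )
}
$wanted  = $recommended[$Role]
$current = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

# Defender returns an "N/A: ..." placeholder when the caller may not view exclusions.
if ($current -match '^N/A') {
    throw 'Defender is hiding the exclusion list from this session.'
}

# -contains / -notcontains compare case-insensitively, matching Windows paths.
$missing = @($wanted | Where-Object { $current -notcontains $_ })
foreach ($path in $wanted) {
    $state = if ($missing -contains $path) { 'MISSING' } else { 'present' }
    '{0,-8} {1}' -f $state, $path
}

# GYTPOL-related exclusions that are not on the recommended list deserve review:
# an entry broader than the documented paths reduces scan coverage needlessly.
$current | Where-Object { $_ -like '*gytpol*' -and $wanted -notcontains $_ } |
    ForEach-Object { '{0,-8} {1}' -f 'EXTRA', $_ }

if ($Fix -and $missing.Count -gt 0) {
    Add-MpPreference -ExclusionPath $missing
    "Added $($missing.Count) exclusion(s); rerun to confirm."
}
```

Where exclusions are delivered by Group Policy or another management tool, run the script without `-Fix` and correct the policy at its source, since locally added entries may not persist.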