Configuring exclusions for Splunk on RedHat Linux 7.9

Published Apr 12 2021 08:50 PM
Microsoft

 

Several customers have approached me on how to configure Splunk antivirus exclusions for processes, folders, and files within Microsoft Defender for Endpoint on RedHat Enterprise Linux.  This quick reference article has been created to address this common question.

 

Note: This blog is in support of Microsoft Defender for Endpoint on Red Hat Enterprise Linux 7.9.

 

Disclaimer:  This may not work on all versions of Linux. Linux is a third-party entity with its own potential licensing restrictions. This content is provided to assist our customers to better navigate integration with a 3rd party component or operating system, and as such, no guarantees are implied. Process and folder exclusions could potentially be harmful because such exclusions increase your organizational exposure to security risks.

 

  1. First, let’s check whether any file or folder exclusions are already configured on your RedHat Enterprise Linux clients by running the following command:

 

mdatp exclusion list

 

  2. In the following example, we see that we do not have any exclusions configured for the device:

 

[azureuser@redhat /]$ mdatp exclusion list
=====================================
No exclusions
=====================================
[azureuser@redhat /]$

 

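  3. To review Microsoft Defender for Endpoint on Linux exclusions information, visit our public documentation (https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions).
  4. The Splunk exclusions list is noted in Splunk's own documentation (https://docs.splunk.com/Documentation/Splunk/7.2.3/ReleaseNotes/RunningSplunkalongsideWindowsantivirusproducts).
  5. Here is a simplified list of the recommended exclusions from the link above: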

 

Version: Splunk Enterprise (*nix)

Directories to exclude:

·         /opt/splunk ($SPLUNK_HOME) and all sub-directories
·         /opt/splunk/var/lib/splunk ($SPLUNK_DB) and all sub-directories

Processes to exclude:

·         bloom
·         btool
·         btprobe
·         bzip2
·         cherryd
·         classify
·         exporttool
·         locktest
·         locktool
·         node
·         python*
·         splunk
·         splunkd
·         splunkmon
·         tsidxprobe
·         tsidxprobe_plo
·         walklex

Version: Splunk universal forwarder (*nix)

Directories to exclude:

·         /opt/splunkforwarder ($SPLUNK_HOME) and all subdirectories

Processes to exclude:

·         Same as Splunk Enterprise (*nix)

 

  6. To add an exclusion manually for a process running on RHEL 7.9, you need to run the following command:

mdatp exclusion process add --name [nameofprocess]

 

  7. Since we have 17 processes to exclude, we will have to run the command 17 times, once for each process.

sudo mdatp exclusion process add --name bloom
sudo mdatp exclusion process add --name btool
sudo mdatp exclusion process add --name btprobe
sudo mdatp exclusion process add --name bzip2
sudo mdatp exclusion process add --name cherryd
sudo mdatp exclusion process add --name classify
sudo mdatp exclusion process add --name exporttool
sudo mdatp exclusion process add --name locktest
sudo mdatp exclusion process add --name locktool
sudo mdatp exclusion process add --name node
sudo mdatp exclusion process add --name "python*"
sudo mdatp exclusion process add --name splunk
sudo mdatp exclusion process add --name splunkd
sudo mdatp exclusion process add --name splunkmon
sudo mdatp exclusion process add --name tsidxprobe
sudo mdatp exclusion process add --name tsidxprobe_plo
sudo mdatp exclusion process add --name walklex

 

[azureuser@redhat /]$ sudo mdatp exclusion process add --name bloom
Process exclusion added successfully

 

  8. Once we run through the 17 processes, we can check the exclusions list again.

 

[azureuser@redhat /]$ mdatp exclusion list
=====================================
Excluded process
Process name: bloom
---
Excluded process
Process name: btool
---
Excluded process
Process name: btprobe
---
Excluded process
Process name: bzip2
---
Excluded process
Process name: cherryd
---
Excluded process
Process name: classify
---
Excluded process
Process name: exporttool
---
Excluded process
Process name: locktest
---
Excluded process
Process name: locktool
---
Excluded process
Process name: node
---
Excluded process
Process name: python*
---
Excluded process
Process name: splunk
---
Excluded process
Process name: splunkd
---
Excluded process
Process name: splunkmon
---
Excluded process
Process name: tsidxprobe
---
Excluded process
Process name: tsidxprobe_plo
---
Excluded process
Process name: walklex
=====================================
[azureuser@redhat /]$

 

Note: Now that we have all 17 processes excluded, we can move on to the folder exclusions.

 

  9. To add folder exclusions manually for RedHat Enterprise Linux 7.9, you need to run the following command:

sudo mdatp exclusion folder add --path "/opt/splunk/"

 

 Note:  This will exclude all paths and all sub directories under /opt/splunk.

 

[azureuser@redhat /]$ sudo mdatp exclusion folder add --path "/opt/splunk/"
Folder exclusion configured successfully

 

  10. We can check the folder exclusions list again and verify the folders are excluded.

[azureuser@redhat /]$ mdatp exclusion list
=====================================
Excluded folder
Path: "/opt/splunk/"
---

 

  11. Now that we have added the folder exclusions for the application and verified them with mdatp exclusion list, we are good to go.
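
The verification in steps 8 and 10 can be scripted so that exclusions which are missing, or which go beyond the Splunk baseline, are easy to spot. The script below is an added example, not part of the original article or of mdatp: it parses mdatp exclusion list output in the layout shown above and compares it with the table from step 5. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit "mdatp exclusion list" output against the Splunk baseline
# from the article. Function names are illustrative and not part of mdatp.

# Baseline from the article's table, one "kind:value" entry per line.
expected_exclusions() {
    cat <<'EOF'
process:bloom
process:btool
process:btprobe
process:bzip2
process:cherryd
process:classify
process:exporttool
process:locktest
process:locktool
process:node
process:python*
process:splunk
process:splunkd
process:splunkmon
process:tsidxprobe
process:tsidxprobe_plo
process:walklex
folder:/opt/splunk/
EOF
}

# Convert listing text on stdin to "kind:value" lines. Assumes the layout shown
# in the article: an "Excluded <kind>" line, then one "<label>: <value>" line.
parse_exclusions() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF captures
        /^[ \t]*Excluded / { kind = $2; next }  # remember process/folder
        kind != "" && /:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)       # drop the label
            sub(/[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)              # paths are printed quoted
            print kind ":" val
            kind = ""
        }
    '
}

# Print MISSING/UNEXPECTED lines for listing text on stdin.
# Returns 0 only when the host matches the baseline exactly.
audit_exclusions() {
    actual=$(parse_exclusions)
    expected=$(expected_exclusions)
    report=$(
        printf '%s\n' "$expected" | while IFS= read -r entry; do
            printf '%s\n' "$actual" | grep -Fxq -- "$entry" ||
                printf 'MISSING %s\n' "$entry"
        done
        printf '%s\n' "$actual" | while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            printf '%s\n' "$expected" | grep -Fxq -- "$entry" ||
                printf 'UNEXPECTED %s\n' "$entry"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Print (do not run) the add command for every missing baseline entry.
# Values are single-quoted so the shell never expands python* as a glob.
add_commands_for_missing() {
    audit_exclusions | while IFS=' ' read -r state entry; do
        [ "$state" = MISSING ] || continue
        value=${entry#*:}
        case ${entry%%:*} in
            process) printf "sudo mdatp exclusion process add --name '%s'\n" "$value" ;;
            folder)  printf "sudo mdatp exclusion folder add --path '%s'\n" "$value" ;;
        esac
    done
}

# Constructed sample (not captured from a real host): one baseline process,
# the baseline folder, and one folder that is outside the baseline.
sample_list_output() {
    cat <<'EOF'
=====================================
Excluded process
Process name: python*
---
Excluded folder
Path: "/opt/splunk/"
---
Excluded folder
Path: "/srv/scratch/"
=====================================
EOF
}

# Demo on the sample; on a real host: mdatp exclusion list | audit_exclusions
sample_list_output | audit_exclusions || true
```

An UNEXPECTED line is the one to review first, since every exclusion outside the baseline widens the area the product does not inspect.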

 

Hopefully this article provides you with added clarity around the common task of adding Splunk exclusions on Linux clients protected by Microsoft Defender for Endpoint on Linux.

 

Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

 

 

 

 

 

 

 
 
feature-settings%3A%20initial%3B%20font-kerning%3A%20initial%3B%20font-optical-sizing%3A%20initial%3B%20font-variation-settings%3A%20initial%3B%20forced-color-adjust%3A%20initial%3B%20text-orientation%3A%20initial%3B%20text-rendering%3A%20initial%3B%20-webkit-font-smoothing%3A%20initial%3B%20-webkit-locale%3A%20initial%3B%20-webkit-text-orientation%3A%20initial%3B%20-webkit-writing-mode%3A%20initial%3B%20writing-mode%3A%20initial%3B%20zoom%3A%20initial%3B%20place-content%3A%20initial%3B%20place-items%3A%20initial%3B%20place-self%3A%20initial%3B%20alignment-baseline%3A%20initial%3B%20animation%3A%20initial%3B%20appearance%3A%20initial%3B%20aspect-ratio%3A%20initial%3B%20backdrop-filter%3A%20initial%3B%20backface-visibility%3A%20initial%3B%20background%3A%20initial%3B%20background-blend-mode%3A%20initial%3B%20baseline-shift%3A%20initial%3B%20block-size%3A%20initial%3B%20border-block%3A%20initial%3B%20border%3A%20initial%3B%20border-radius%3A%20initial%3B%20border-collapse%3A%20initial%3B%20border-end-end-radius%3A%20initial%3B%20border-end-start-radius%3A%20initial%3B%20border-inline%3A%20initial%3B%20border-start-end-radius%3A%20initial%3B%20border-start-start-radius%3A%20initial%3B%20inset%3A%20initial%3B%20box-shadow%3A%20initial%3B%20box-sizing%3A%20initial%3B%20break-after%3A%20initial%3B%20break-before%3A%20initial%3B%20break-inside%3A%20initial%3B%20buffered-rendering%3A%20initial%3B%20caption-side%3A%20initial%3B%20caret-color%3A%20initial%3B%20clear%3A%20initial%3B%20clip%3A%20initial%3B%20clip-path%3A%20initial%3B%20clip-rule%3A%20initial%3B%20color-interpolation%3A%20initial%3B%20color-interpolation-filters%3A%20initial%3B%20color-rendering%3A%20initial%3B%20color-scheme%3A%20initial%3B%20columns%3A%20initial%3B%20column-fill%3A%20initial%3B%20gap%3A%20initial%3B%20column-rule%3A%20initial%3B%20column-span%3A%20initial%3B%20contain%3A%20initial%3B%20contain-intrinsic-size%3A%20initial%3B%20content%3A%20initial%3B%20content-visibility%3A%20initial%3B%20count
er-increment%3A%20initial%3B%20counter-reset%3A%20initial%3B%20counter-set%3A%20initial%3B%20cursor%3A%20initial%3B%20cx%3A%20initial%3B%20cy%3A%20initial%3B%20d%3A%20initial%3B%20display%3A%20block%3B%20dominant-baseline%3A%20initial%3B%20empty-cells%3A%20initial%3B%20fill%3A%20initial%3B%20fill-opacity%3A%20initial%3B%20fill-rule%3A%20initial%3B%20filter%3A%20initial%3B%20flex%3A%20initial%3B%20flex-flow%3A%20initial%3B%20float%3A%20initial%3B%20flood-color%3A%20initial%3B%20flood-opacity%3A%20initial%3B%20grid%3A%20initial%3B%20grid-area%3A%20initial%3B%20height%3A%200px%3B%20hyphens%3A%20initial%3B%20image-orientation%3A%20initial%3B%20image-rendering%3A%20initial%3B%20inline-size%3A%20initial%3B%20inset-block%3A%20initial%3B%20inset-inline%3A%20initial%3B%20isolation%3A%20initial%3B%20letter-spacing%3A%20initial%3B%20lighting-color%3A%20initial%3B%20line-break%3A%20initial%3B%20list-style%3A%20initial%3B%20margin-block%3A%20initial%3B%20margin%3A%20initial%3B%20margin-inline%3A%20initial%3B%20marker%3A%20initial%3B%20mask%3A%20initial%3B%20mask-type%3A%20initial%3B%20max-block-size%3A%20initial%3B%20max-height%3A%20initial%3B%20max-inline-size%3A%20initial%3B%20max-width%3A%20initial%3B%20min-block-size%3A%20initial%3B%20min-height%3A%20initial%3B%20min-inline-size%3A%20initial%3B%20min-width%3A%20initial%3B%20mix-blend-mode%3A%20initial%3B%20object-fit%3A%20initial%3B%20object-position%3A%20initial%3B%20offset%3A%20initial%3B%20opacity%3A%20initial%3B%20order%3A%20initial%3B%20origin-trial-test-property%3A%20initial%3B%20orphans%3A%20initial%3B%20outline%3A%20initial%3B%20outline-offset%3A%20initial%3B%20overflow-anchor%3A%20initial%3B%20overflow-clip-margin%3A%20initial%3B%20overflow-wrap%3A%20initial%3B%20overflow%3A%20initial%3B%20overscroll-behavior-block%3A%20initial%3B%20overscroll-behavior-inline%3A%20initial%3B%20overscroll-behavior%3A%20initial%3B%20padding-block%3A%20initial%3B%20padding%3A%20initial%3B%20padding-inline%3A%20initial%3B%20page%3A%20in
itial%3B%20page-orientation%3A%20initial%3B%20paint-order%3A%20initial%3B%20perspective%3A%20initial%3B%20perspective-origin%3A%20initial%3B%20pointer-events%3A%20initial%3B%20position%3A%20initial%3B%20quotes%3A%20initial%3B%20r%3A%20initial%3B%20resize%3A%20initial%3B%20ruby-position%3A%20initial%3B%20rx%3A%20initial%3B%20ry%3A%20initial%3B%20scroll-behavior%3A%20initial%3B%20scroll-margin-block%3A%20initial%3B%20scroll-margin%3A%20initial%3B%20scroll-margin-inline%3A%20initial%3B%20scroll-padding-block%3A%20initial%3B%20scroll-padding%3A%20initial%3B%20scroll-padding-inline%3A%20initial%3B%20scroll-snap-align%3A%20initial%3B%20scroll-snap-stop%3A%20initial%3B%20scroll-snap-type%3A%20initial%3B%20shape-image-threshold%3A%20initial%3B%20shape-margin%3A%20initial%3B%20shape-outside%3A%20initial%3B%20shape-rendering%3A%20initial%3B%20size%3A%20initial%3B%20speak%3A%20initial%3B%20stop-color%3A%20initial%3B%20stop-opacity%3A%20initial%3B%20stroke%3A%20initial%3B%20stroke-dasharray%3A%20initial%3B%20stroke-dashoffset%3A%20initial%3B%20stroke-linecap%3A%20initial%3B%20stroke-linejoin%3A%20initial%3B%20stroke-miterlimit%3A%20initial%3B%20stroke-opacity%3A%20initial%3B%20stroke-width%3A%20initial%3B%20tab-size%3A%20initial%3B%20table-layout%3A%20initial%3B%20text-align%3A%20initial%3B%20text-align-last%3A%20initial%3B%20text-anchor%3A%20initial%3B%20text-combine-upright%3A%20initial%3B%20text-decoration%3A%20initial%3B%20text-decoration-skip-ink%3A%20initial%3B%20text-indent%3A%20initial%3B%20text-overflow%3A%20initial%3B%20text-shadow%3A%20initial%3B%20text-size-adjust%3A%20initial%3B%20text-transform%3A%20initial%3B%20text-underline-offset%3A%20initial%3B%20text-underline-position%3A%20initial%3B%20touch-action%3A%20initial%3B%20transform%3A%20initial%3B%20transform-box%3A%20initial%3B%20transform-origin%3A%20initial%3B%20transform-style%3A%20initial%3B%20transition%3A%20initial%3B%20user-select%3A%20initial%3B%20vector-effect%3A%20initial%3B%20vertical-align%3A%20initi
al%3B%20visibility%3A%20initial%3B%20-webkit-app-region%3A%20initial%3B%20border-spacing%3A%20initial%3B%20-webkit-border-image%3A%20initial%3B%20-webkit-box-align%3A%20initial%3B%20-webkit-box-decoration-break%3A%20initial%3B%20-webkit-box-direction%3A%20initial%3B%20-webkit-box-flex%3A%20initial%3B%20-webkit-box-ordinal-group%3A%20initial%3B%20-webkit-box-orient%3A%20initial%3B%20-webkit-box-pack%3A%20initial%3B%20-webkit-box-reflect%3A%20initial%3B%20-webkit-highlight%3A%20initial%3B%20-webkit-hyphenate-character%3A%20initial%3B%20-webkit-line-break%3A%20initial%3B%20-webkit-line-clamp%3A%20initial%3B%20-webkit-mask-box-image%3A%20initial%3B%20-webkit-mask%3A%20initial%3B%20-webkit-mask-composite%3A%20initial%3B%20-webkit-perspective-origin-x%3A%20initial%3B%20-webkit-perspective-origin-y%3A%20initial%3B%20-webkit-print-color-adjust%3A%20initial%3B%20-webkit-rtl-ordering%3A%20initial%3B%20-webkit-ruby-position%3A%20initial%3B%20-webkit-tap-highlight-color%3A%20initial%3B%20-webkit-text-combine%3A%20initial%3B%20-webkit-text-decorations-in-effect%3A%20initial%3B%20-webkit-text-emphasis%3A%20initial%3B%20-webkit-text-emphasis-position%3A%20initial%3B%20-webkit-text-fill-color%3A%20initial%3B%20-webkit-text-security%3A%20initial%3B%20-webkit-text-stroke%3A%20initial%3B%20-webkit-transform-origin-x%3A%20initial%3B%20-webkit-transform-origin-y%3A%20initial%3B%20-webkit-transform-origin-z%3A%20initial%3B%20-webkit-user-drag%3A%20initial%3B%20-webkit-user-modify%3A%20initial%3B%20white-space%3A%20initial%3B%20widows%3A%20initial%3B%20width%3A%20initial%3B%20will-change%3A%20initial%3B%20word-break%3A%20initial%3B%20word-spacing%3A%20initial%3B%20x%3A%20initial%3B%20y%3A%20initial%3B%20z-index%3A%20initial%3B%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2261914%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20article%20addresses%20common%20questions%26nbsp%3Bon%20how%20to%20configure%20Splunk%20antivirus%20exclusions%20for%20processes%2C%2
0folders%2C%20and%20files%20within%20Microsoft%20Defender%20for%20Endpoint%20on%20RedHat%20Enterprise%20Linux.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22SEC20_Security_010.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F271279iAAADC9A16F920334%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22SEC20_Security_010.jpg%22%20alt%3D%22SEC20_Security_010.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20class%3D%22ms-editor-squiggler%22%20style%3D%22color%3A%20initial%3B%20font%3A%20initial%3B%20font-feature-settings%3A%20initial%3B%20font-kerning%3A%20initial%3B%20font-optical-sizing%3A%20initial%3B%20font-variation-settings%3A%20initial%3B%20forced-color-adjust%3A%20initial%3B%20text-orientation%3A%20initial%3B%20text-rendering%3A%20initial%3B%20-webkit-font-smoothing%3A%20initial%3B%20-webkit-locale%3A%20initial%3B%20-webkit-text-orientation%3A%20initial%3B%20-webkit-writing-mode%3A%20initial%3B%20writing-mode%3A%20initial%3B%20zoom%3A%20initial%3B%20place-content%3A%20initial%3B%20place-items%3A%20initial%3B%20place-self%3A%20initial%3B%20alignment-baseline%3A%20initial%3B%20animation%3A%20initial%3B%20appearance%3A%20initial%3B%20aspect-ratio%3A%20initial%3B%20backdrop-filter%3A%20initial%3B%20backface-visibility%3A%20initial%3B%20background%3A%20initial%3B%20background-blend-mode%3A%20initial%3B%20baseline-shift%3A%20initial%3B%20block-size%3A%20initial%3B%20border-block%3A%20initial%3B%20border%3A%20initial%3B%20border-radius%3A%20initial%3B%20border-collapse%3A%20initial%3B%20border-end-end-radius%3A%20init
ial%3B%20border-end-start-radius%3A%20initial%3B%20border-inline%3A%20initial%3B%20border-start-end-radius%3A%20initial%3B%20border-start-start-radius%3A%20initial%3B%20inset%3A%20initial%3B%20box-shadow%3A%20initial%3B%20box-sizing%3A%20initial%3B%20break-after%3A%20initial%3B%20break-before%3A%20initial%3B%20break-inside%3A%20initial%3B%20buffered-rendering%3A%20initial%3B%20caption-side%3A%20initial%3B%20caret-color%3A%20initial%3B%20clear%3A%20initial%3B%20clip%3A%20initial%3B%20clip-path%3A%20initial%3B%20clip-rule%3A%20initial%3B%20color-interpolation%3A%20initial%3B%20color-interpolation-filters%3A%20initial%3B%20color-rendering%3A%20initial%3B%20color-scheme%3A%20initial%3B%20columns%3A%20initial%3B%20column-fill%3A%20initial%3B%20gap%3A%20initial%3B%20column-rule%3A%20initial%3B%20column-span%3A%20initial%3B%20contain%3A%20initial%3B%20contain-intrinsic-size%3A%20initial%3B%20content%3A%20initial%3B%20content-visibility%3A%20initial%3B%20counter-increment%3A%20initial%3B%20counter-reset%3A%20initial%3B%20counter-set%3A%20initial%3B%20cursor%3A%20initial%3B%20cx%3A%20initial%3B%20cy%3A%20initial%3B%20d%3A%20initial%3B%20display%3A%20block%3B%20dominant-baseline%3A%20initial%3B%20empty-cells%3A%20initial%3B%20fill%3A%20initial%3B%20fill-opacity%3A%20initial%3B%20fill-rule%3A%20initial%3B%20filter%3A%20initial%3B%20flex%3A%20initial%3B%20flex-flow%3A%20initial%3B%20float%3A%20initial%3B%20flood-color%3A%20initial%3B%20flood-opacity%3A%20initial%3B%20grid%3A%20initial%3B%20grid-area%3A%20initial%3B%20height%3A%200px%3B%20hyphens%3A%20initial%3B%20image-orientation%3A%20initial%3B%20image-rendering%3A%20initial%3B%20inline-size%3A%20initial%3B%20inset-block%3A%20initial%3B%20inset-inline%3A%20initial%3B%20isolation%3A%20initial%3B%20letter-spacing%3A%20initial%3B%20lighting-color%3A%20initial%3B%20line-break%3A%20initial%3B%20list-style%3A%20initial%3B%20margin-block%3A%20initial%3B%20margin%3A%20initial%3B%20margin-inline%3A%20initial%3B%20marker%3A%20initial%3
B%20mask%3A%20initial%3B%20mask-type%3A%20initial%3B%20max-block-size%3A%20initial%3B%20max-height%3A%20initial%3B%20max-inline-size%3A%20initial%3B%20max-width%3A%20initial%3B%20min-block-size%3A%20initial%3B%20min-height%3A%20initial%3B%20min-inline-size%3A%20initial%3B%20min-width%3A%20initial%3B%20mix-blend-mode%3A%20initial%3B%20object-fit%3A%20initial%3B%20object-position%3A%20initial%3B%20offset%3A%20initial%3B%20opacity%3A%20initial%3B%20order%3A%20initial%3B%20origin-trial-test-property%3A%20initial%3B%20orphans%3A%20initial%3B%20outline%3A%20initial%3B%20outline-offset%3A%20initial%3B%20overflow-anchor%3A%20initial%3B%20overflow-clip-margin%3A%20initial%3B%20overflow-wrap%3A%20initial%3B%20overflow%3A%20initial%3B%20overscroll-behavior-block%3A%20initial%3B%20overscroll-behavior-inline%3A%20initial%3B%20overscroll-behavior%3A%20initial%3B%20padding-block%3A%20initial%3B%20padding%3A%20initial%3B%20padding-inline%3A%20initial%3B%20page%3A%20initial%3B%20page-orientation%3A%20initial%3B%20paint-order%3A%20initial%3B%20perspective%3A%20initial%3B%20perspective-origin%3A%20initial%3B%20pointer-events%3A%20initial%3B%20position%3A%20initial%3B%20quotes%3A%20initial%3B%20r%3A%20initial%3B%20resize%3A%20initial%3B%20ruby-position%3A%20initial%3B%20rx%3A%20initial%3B%20ry%3A%20initial%3B%20scroll-behavior%3A%20initial%3B%20scroll-margin-block%3A%20initial%3B%20scroll-margin%3A%20initial%3B%20scroll-margin-inline%3A%20initial%3B%20scroll-padding-block%3A%20initial%3B%20scroll-padding%3A%20initial%3B%20scroll-padding-inline%3A%20initial%3B%20scroll-snap-align%3A%20initial%3B%20scroll-snap-stop%3A%20initial%3B%20scroll-snap-type%3A%20initial%3B%20shape-image-threshold%3A%20initial%3B%20shape-margin%3A%20initial%3B%20shape-outside%3A%20initial%3B%20shape-rendering%3A%20initial%3B%20size%3A%20initial%3B%20speak%3A%20initial%3B%20stop-color%3A%20initial%3B%20stop-opacity%3A%20initial%3B%20stroke%3A%20initial%3B%20stroke-dasharray%3A%20initial%3B%20stroke-dashoffset%3A%2
0initial%3B%20stroke-linecap%3A%20initial%3B%20stroke-linejoin%3A%20initial%3B%20stroke-miterlimit%3A%20initial%3B%20stroke-opacity%3A%20initial%3B%20stroke-width%3A%20initial%3B%20tab-size%3A%20initial%3B%20table-layout%3A%20initial%3B%20text-align%3A%20initial%3B%20text-align-last%3A%20initial%3B%20text-anchor%3A%20initial%3B%20text-combine-upright%3A%20initial%3B%20text-decoration%3A%20initial%3B%20text-decoration-skip-ink%3A%20initial%3B%20text-indent%3A%20initial%3B%20text-overflow%3A%20initial%3B%20text-shadow%3A%20initial%3B%20text-size-adjust%3A%20initial%3B%20text-transform%3A%20initial%3B%20text-underline-offset%3A%20initial%3B%20text-underline-position%3A%20initial%3B%20touch-action%3A%20initial%3B%20transform%3A%20initial%3B%20transform-box%3A%20initial%3B%20transform-origin%3A%20initial%3B%20transform-style%3A%20initial%3B%20transition%3A%20initial%3B%20user-select%3A%20initial%3B%20vector-effect%3A%20initial%3B%20vertical-align%3A%20initial%3B%20visibility%3A%20initial%3B%20-webkit-app-region%3A%20initial%3B%20border-spacing%3A%20initial%3B%20-webkit-border-image%3A%20initial%3B%20-webkit-box-align%3A%20initial%3B%20-webkit-box-decoration-break%3A%20initial%3B%20-webkit-box-direction%3A%20initial%3B%20-webkit-box-flex%3A%20initial%3B%20-webkit-box-ordinal-group%3A%20initial%3B%20-webkit-box-orient%3A%20initial%3B%20-webkit-box-pack%3A%20initial%3B%20-webkit-box-reflect%3A%20initial%3B%20-webkit-highlight%3A%20initial%3B%20-webkit-hyphenate-character%3A%20initial%3B%20-webkit-line-break%3A%20initial%3B%20-webkit-line-clamp%3A%20initial%3B%20-webkit-mask-box-image%3A%20initial%3B%20-webkit-mask%3A%20initial%3B%20-webkit-mask-composite%3A%20initial%3B%20-webkit-perspective-origin-x%3A%20initial%3B%20-webkit-perspective-origin-y%3A%20initial%3B%20-webkit-print-color-adjust%3A%20initial%3B%20-webkit-rtl-ordering%3A%20initial%3B%20-webkit-ruby-position%3A%20initial%3B%20-webkit-tap-highlight-color%3A%20initial%3B%20-webkit-text-combine%3A%20initial%3B%20-web
kit-text-decorations-in-effect%3A%20initial%3B%20-webkit-text-emphasis%3A%20initial%3B%20-webkit-text-emphasis-position%3A%20initial%3B%20-webkit-text-fill-color%3A%20initial%3B%20-webkit-text-security%3A%20initial%3B%20-webkit-text-stroke%3A%20initial%3B%20-webkit-transform-origin-x%3A%20initial%3B%20-webkit-transform-origin-y%3A%20initial%3B%20-webkit-transform-origin-z%3A%20initial%3B%20-webkit-user-drag%3A%20initial%3B%20-webkit-user-modify%3A%20initial%3B%20white-space%3A%20initial%3B%20widows%3A%20initial%3B%20width%3A%20initial%3B%20will-change%3A%20initial%3B%20word-break%3A%20initial%3B%20word-spacing%3A%20initial%3B%20x%3A%20initial%3B%20y%3A%20initial%3B%20z-index%3A%20initial%3B%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2261914%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EPhillipBracher%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Last update: Apr 12 2021 07:19 AM