Issue:
How to forbid a local user from creating real-time scanning or DeepGuard exclusions for Elements Endpoint Protection (Elements EPP for Computers or Servers)?
Resolution:
You can block or disallow a local user from creating or adding new exclusions in the local Elements Agent user interface by changing a few settings in the profile that is in use on your devices.
Follow these steps:
- Log in to the Elements Security Center: https://elements.withsecure.com
- Open the Security Configurations section from the menu on the left
- Go to the Profiles page
- Select the profile that is in use on your devices (note that only custom profiles can be edited)
- Go to the General settings page
- Scroll down to the Quarantine section and disable Allow users to release blocked and quarantined items
- Scroll back up a little to the Exclude folders and files from all security scans section and enable the lock on the right side of the exclusions table
- Click Save and publish
Now all the devices that have this profile in use will have it so that even local users with administrator rights cannot add exclusions, since the Add new button will be grayed out and the setting is locked.
Article no: 000043842