TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Process Insights
ENVIRONMENT: Windows
SUMMARY: This guide goes over how account administrators can request to exclude entire organizations or individual hosts from Process Insights.
Hosts that are not explicitly excluded in Process Insights Exclusion Settings will be automatically eligible for Process Insights.
Account administrators can request to exclude entire organizations or individual hosts from Process Insights. Exclusions should be used sparingly since excluded hosts are NOT eligible for Process Insights leaving risk for vulnerability. Excluded hosts will not be monitored for malicious processes and tamper protection will be disabled.
A Process Insights Exclusion will remove the Process Insights Service "RIO" and Driver from the specified Host or Organization's Hosts.
To request an exclusion, you can access Process Insights Exclusions by visiting your account settings page by clicking the hamburger drop-down menu and clicking "Settings". Please note only Account Admins will be able to request this.
From there, click "Managed Response" From the Account left panel
Then scroll down to "Exclusions" and click the "Process Insights"
From here you can contact support by clicking the "contact support" button or submitting a ticket here
Once the ticket is made and Huntress Support puts the exclusion in you will see the endpoint in the table above listed under "Process Insights"
Please note, that the removal will only trigger when the exclusion is put in place if you perform a system restore or backup that places RIO back on the device. It will NOT be automatically removed again. You will need to either Uninstall this service directly, or navigate back to the Exclusion, remove it and then add it back.