Merge pull request #2596 from AruneemaXD/AruneemaXD-patch-4

aditisrivastava07 · web-flow · commit b76e57b3f2f3 · 2025-01-31T17:51:34.000+05:30
Update linux-exclusions.md -- Emm is reviewing
diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md
@@ -2,8 +2,8 @@
 title: Configure and validate exclusions for Microsoft Defender for Endpoint on Linux
 description: Provide and validate exclusions for Microsoft Defender for Endpoint on Linux. Exclusions can be set for files, folders, and processes.
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.reviewer: gopkr, ardeshmukh
 ms.localizationpriority: medium
 manager: deniseb
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 10/14/2024
+ms.date: 01/31/2025
 ---
 
 # Configure and validate exclusions for Microsoft Defender for Endpoint on Linux
@@ -39,22 +39,26 @@ You can exclude certain files, folders, processes, and process-opened files from
 Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. Global exclusions are useful for mitigating performance issues caused by Defender for Endpoint on Linux.
 
 > [!WARNING]
-> Defining exclusions lowers the protection offered by Defender for Endpoint on Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
+> Defining exclusions lowers the protection offered by Defender for Endpoint on Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you're confident aren't malicious.
 
 ## Supported exclusion scopes
 
 As described in an earlier section, we support two exclusion scopes: antivirus (`epp`) and global (`global`) exclusions.
 
-Antivirus exclusions can be used to exclude trusted files and processes from real-time protection while still having EDR visibility. Global exclusions are applied at sensor level and to mute the events that match exclusion conditions very early in the flow, before any processing is done, thus stopping all EDR alerts and antivirus detections.
+Antivirus exclusions can be used to exclude trusted files and processes from real-time protection while still having EDR visibility. Global exclusions are applied at sensor level and to mute the events that match exclusion conditions early in the flow, before any processing is done, thus stopping all EDR alerts and antivirus detections.
 
 > [!NOTE]
-> Global (`global`) is a new exclusion scope that we are introducing in addition to antivirus (`epp`) exclusion scopes that are already supported by Microsoft.
+> Global (`global`) is a new exclusion scope that we're introducing in addition to antivirus (`epp`) exclusion scopes that are already supported by Microsoft.
 
 | Exclusion Category | Exclusion Scope | Description |
 | --- | --- | --- |
 | Antivirus Exclusion  | Antivirus engine <br/>*(scope: epp)*  | Excludes content from antivirus (AV) scans and on-demand scans.| 
 | Global Exclusion  | Antivirus and endpoint detections and response engine <br/>*(scope: global)*  | Excludes events from real time protection and EDR visibility. Doesn't apply to on-demand scans by default. |
 
+> [!IMPORTANT]
+> Global exclusions don't apply to network protection, so alerts generated by network protection will still be visible.
+> To exclude processes from network protection, please use `mdatp network-protection exclusion`
+
 ## Supported exclusion types
 
 The following table shows the exclusion types supported by Defender for Endpoint on Linux.
@@ -73,15 +77,15 @@ File, folder, and process exclusions support the following wildcards:
 
 > [!NOTE]
 > File path needs to be present before adding or removing file exclusions with scope as global.
-> Wildcards are not supported while configuring global exclusions.
+> Wildcards aren't supported while configuring global exclusions.
 
 Wildcard|Description|Examples|
 ---|---|---
 \*|Matches any number of any characters including none <br/> *(note if this wildcard isn't used at the end of the path then it substitutes only one folder)* | `/var/*/tmp` includes any file in `/var/abc/tmp` and its subdirectories, and `/var/def/tmp` and its subdirectories. It doesn't include `/var/abc/log` or `/var/def/log` <p> <p> `/var/*/` only includes any files in its subdirectories such as `/var/abc/`, but not files directly inside `/var`. 
 ?|Matches any single character|`file?.log` includes `file1.log` and `file2.log`, but not`file123.log`
 
 > [!NOTE]
-> For antivirus exclusions, when using the * wildcard at the end of the path, it will match all files and subdirectories under the parent of the wildcard.
+> For antivirus exclusions, when using the * wildcard at the end of the path, it matches all files and subdirectories under the parent of the wildcard.
 
 ## How to configure the list of exclusions
 
@@ -153,7 +157,7 @@ mdatp exclusion
 
 Examples:
 
-- Add an exclusion for a file extension *(Extension exclusion isn't supported for global exclusion scope)* : 
+- Add an exclusion for a file extension *(Extension exclusion isn't supported for global exclusion scope)* :
 
     ```bash
     mdatp exclusion extension add --name .txt
@@ -253,14 +257,14 @@ Examples:
 - Add an exclusion for a folder with a wildcard in it:
     
     > [!NOTE]
-    > Wildcards are not supported while configuring global exclusions.  
+    > Wildcards aren't supported while configuring global exclusions.  
 
     ```bash
     mdatp exclusion folder add --path "/var/*/tmp"
     ```
 
     > [!NOTE]
-    > This will only exclude paths under */var/\*/tmp/*, but not folders which are siblings of *tmp*; for example, */var/this-subfolder/tmp*, but not */var/this-subfolder/log*.
+    > This excludes paths under */var/\*/tmp/*, but not folders which are siblings of *tmp*; for example, */var/this-subfolder/tmp*, but not */var/this-subfolder/log*.
 
     ```bash
     mdatp exclusion folder add --path "/var/" --scope epp
@@ -272,7 +276,7 @@ Examples:
     ```
 
     > [!NOTE]
-    > This will exclude all paths whose parent is */var/*; for example, */var/this-subfolder/and-this-subfolder-as-well*.
+    > This excludes all paths whose parent is */var/*; for example, */var/this-subfolder/and-this-subfolder-as-well*.
 
     ```console
     Folder exclusion configured successfully
@@ -317,12 +321,15 @@ Examples:
 
     ```bash
     mdatp exclusion process add --name cat --scope epp
-    mdatp exclusion process add --name dog --scope global
+    mdatp exclusion process add --name /usr/bin/dog --scope global
     ```
 
     ```console
     Process exclusion configured successfully
     ```
+    
+    > [!NOTE]
+    > Use full path for process exclusion with `global` scope.
 
 ## Validate exclusions lists with the EICAR test file
 
