Commit e478ac0

Suggested exclusions for Win10
Exclude:
Smartscreen, C:\Windows\System32\smartscreen.exe
Network Setup Service, C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Microsoft Feeds Synchronization C:\Windows\System32\msfeedssync.exe
RunTimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding
1 parent f24dc22 commit e478ac0

1 file changed

+4
-0
lines changed

sysmonconfig-export.xml

Lines changed: 4 additions & 0 deletions
@@ -87,6 +87,9 @@
8787
<Image condition="is">C:\Windows\System32\plasrv.exe</Image> <!--Microsoft:Windows: Performance Logs and Alerts DCOM Server-->
8888
<Image condition="is">C:\Windows\System32\wifitask.exe</Image> <!--Microsoft:Windows: Wireless Background Task-->
8989
<Image condition="is">C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe</Image> <!--Microsoft:Windows: Touch Keyboard and Handwriting Panel Helper-->
90+
<Image condition="is">C:\Windows\System32\smartscreen.exe</Image> <!-- Microsoft:Windows: Smartscreen, checks malicious websites and files https://www.howtogeek.com/320711/what-is-smartscreen-and-why-is-it-running-on-my-pc/ -->
91+
<Image condition="is">C:\Windows\System32\msfeedssync.exe</Image> <!-- Microsoft:Windows: Microsoft Feeds Synchronization https://superuser.com/questions/445995/msfeedssync-exe-what-does-it-do -->
92+
<Image condition="is">C:\Windows\System32\RuntimeBroker.exe</Image> <!-- Microsoft:Windows: Runtime Broker https://www.howtogeek.com/268240/what-is-runtime-broker-and-why-is-it-running-on-my-pc/ -->
9093
<Image condition="is">C:\Windows\System32\TokenBrokerCookies.exe</Image> <!--Microsoft:Windows: SSO sign-in assistant for MicrosoftOnline.com-->
9194
<CommandLine condition="is">C:\windows\system32\wermgr.exe -queuereporting</CommandLine> <!--Microsoft:Windows:Windows error reporting/telemetry-->
9295
<ParentCommandLine condition="is">C:\windows\system32\wermgr.exe -queuereporting</ParentCommandLine> <!--Microsoft:Windows:Windows error reporting/telemetry-->
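Review bot: the three added entries (smartscreen.exe, msfeedssync.exe, RuntimeBroker.exe) match on `Image` alone, so every launch of those binaries is excluded whatever its command line or parent, which is wider than the `C:\Windows\System32\RuntimeBroker.exe -Embedding` form named in the commit message. Suggest pinning RuntimeBroker with a `CommandLine condition="is"` rule on the `-Embedding` form, the way the wermgr.exe entries just below are pinned, and considering the same for the other two if their normal command lines are stable. Style: the new comments open with `<!-- ` (leading space) and carry third-party URLs, while the neighbouring entries use `<!--Microsoft:Windows: ...-->` with a short description only.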
@@ -147,6 +150,7 @@
147150
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc</CommandLine>
148151
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc</CommandLine>
149152
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s Gpsvc</CommandLine> <!--Microsoft:Windows:Network: Group Policy -->
153+
<CommandLine condition="is">C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc</CommandLine> <!--Microsoft:Windows: Network Setup Service, manages the installation of network drivers -->
150154
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s ProfSvc</CommandLine> <!--Microsoft:Windows: Network services-->
151155
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s SENS</CommandLine> <!--Microsoft:Windows: Network services-->
152156
<CommandLine condition="is">C:\Windows\system32\svchost.exe -k netsvcs -s SessionEnv</CommandLine> <!--Microsoft:Windows: Network services-->
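Review bot: the added NetSetupSvc entry is an exact `is` match on a command line containing `-p`, which none of the neighbouring svchost.exe entries have, so a host that starts this service without `-p` will not hit the exclusion. If both forms occur across the Win10 builds this config targets, add the variant without `-p` as well, or say in the comment which builds use `-p`. Minor: the path is written `C:\Windows\System32\` where the surrounding lines use `C:\Windows\system32\`; match the existing casing for consistency.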
