When installing a 3rd party EDR client on a computer running an F-Secure endpoint protection software, which are the recommended exclusions to bypass the F-Secure client in context of the EDR solution?
You can exclude any and all files residing the in the directory pointed to by this registry key:
The value will contain the directory to skip (also include content of sub directories in the exclusion).
Note that this approach works with Ultralight based F-Secure products (CS 13 and later, Server Security 14.x and later).
If a broad exclusion of our product folder is not acceptable, use the following alternative
As previously, read the product path value from HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\Settings\product.paths
Then construct the exclusion using the following logic.
(the wildcard "*" represents here 0 or more characters)
For example, if the product installed in the folder C:\Program Files (x86)\F-Secure\Client Security\
the exclusion should match:
C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fsorsp64.exe
C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fshoster64.exe
Please note that exclusions fshoster*.exe and fsorsp*.exe cover both 32 and 64 bit operating-systems e.g. fsorsp64.exe or fsorsp32.exe both should match the above pattern.
Article no: 000018299