Hello -
Under exceptions on SEPM if I add folders (and their sub folders) into the exclusions list exempting them from scans would that prevent SONAR from blocking DNS/hostname changes initiated by executables within those folders?
I need to allow our VPN clients to initiate DNS changes/changes to the host file so that they continue to function properly but inspite of adding their folder paths to the exclusions list and applying the exception to the respective OU (SEPM syncd with AD) I still see that SONAR continues to block certain legit executables from within the excluded folders from performing DNS/hostname changes.
I do not want to add DNS or hostname change exception to specific executables cos the SHA-256 values differ from language to language and version to version. I prefer excluding the folders themselves.
Please bear in mind that for all other folders and files I want SONAR to behave the way it currently does so changing the System Change Events (SONAR) under the Virus and Spyware Protection Policies to log only/ignore is not an option.
Please advise.