The FCS console unfortunately does not have a mechanism to add centrally managed process exclusions however since these are controlled by registry keys and values it is possible to create .adm templates and import a process exclusion into existing FCS Policy GPO's
An example of such a .adm file is listed below:
-------------------------------------------------------------------------------------------------------------------------
CLASS MACHINE CATEGORY !!FCSCategory POLICY !!Exclusion_Name
KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes" EXPLAIN !!Exclusion_Explain
Part !!Exclusion_Description DROPDOWNLIST REQUIRED VALUENAME "C:\Windows\system32\goodprocess.exe" ITEMLIST NAME !!Override_Default VALUE NUMERIC 0 DEFAULT END ITEMLIST END PART END POLICY
END CATEGORY
[strings]
FCSCategory="Microsoft FCS Threat Override" Exclusion_Name="FCS Process Exclusion" Exclusion_Description="FCS Process Exclusion" Exclusion_Explain="Allows setting process exclusions for FCS so that it does not scan files touched by certain processes Not supported for W2K" Ignore_Default="Default"
Keep in mind that process exclusions in FCSv1 are not in effect unless the FCSAM service starts before the process so you may need to do a service dependency to have the excluded service depend on FCS at startup to ensure that the process exclusions is successful.
Maheshkumar S Tiwari edited Revision 4. Comment: Added Tag
Ed Price MSFT edited Revision 3. Comment: Minor title update. Cleaned up and added tags.
KimDitto_MSFT edited Revision 1. Comment: Small edits
KimDitto_MSFT edited Revision 2. Comment: Reverting Bad Changes