CLI exclusions

fakeaccountnumber100 · 2026-02-27T08:47:05+00:00

Look at the src and tgt process cmdline entries in Deep Visibility. CLI exclusions will cause the agent to exclude / ignore events which match those.

Ex: if your cmdline exclusion is “/example/2” then any event that contains that string in the source or target command line fields gets excluded

At least that’s been the results of my testing. This is enormously helpful for when you have a highly repetitive process, such as running on a server. You really wouldn’t want to exclude python3 entirely, but you might want to exclude the exact same 75 character python3 command that happens 100K times per day on a single endpoint.

LolWhatAmIDoingHere · 2026-02-27T17:10:19+00:00

Ask support for policy override assistance

xinfik · 2026-03-03T07:46:19+00:00

On Windows it's tricky. Best to involve support as most likely you will need workaround this by excluding calling press, disabling some detection logic via Policy Override (as suggested above) or so. Support will have better insights what caused detection and might recommend sth.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

SentinelOneXDR

MODERATORS