- Elastic Cloud Serverless
- Elasticsearch
- Elastic Observability
- Get started
- Observability overview
- Elastic Observability Serverless billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Reduce storage
- Managed intake service event API
- Troubleshooting
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoints
- Policies
- Trusted applications
- Event filters
- Host isolation exceptions
- Blocklist
- Optimize Elastic Defend
- Event capture and Elastic Defend
- Endpoint protection rules
- Identify antivirus software on your hosts
- Allowlist Elastic Endpoint in third-party antivirus apps
- Elastic Endpoint self-protection features
- Elastic Endpoint command reference
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
- Changelog
Optimize Elastic Defend
editOptimize Elastic Defend
editIf you encounter problems like incompatibilities with other antivirus software, too many false positive alerts, or excessive storage or CPU usage, you can optimize Elastic Defend to mitigate these issues.
Endpoint artifacts — such as trusted applications and event filters — and Endpoint exceptions let you modify the behavior and performance of Elastic Endpoint, the component installed on each host that performs Elastic Defend’s threat monitoring, prevention, and response actions.
The following table explains the differences between several Endpoint artifacts and exceptions, and how to use them:
|
Prevents Elastic Endpoint from monitoring a process. Use to avoid conflicts with other software, usually other antivirus or endpoint security applications.
|
|
|
Prevents event documents from being written to Elasticsearch. Use to reduce storage usage in Elasticsearch. Does NOT lower CPU usage for Elastic Endpoint. It still monitors event data for possible threats, but without writing event data to Elasticsearch. |
|
|
Prevents known malware from running. Use to extend Elastic Defend’s protection against malicious processes. NOT intended to broadly block benign applications for non-security reasons. |
|
|
Prevents Elastic Endpoint from generating alerts or stopping processes. Use to reduce false positive alerts, and to keep Elastic Endpoint from preventing processes you want to allow. Might also improve performance: Elastic Endpoint checks for exceptions before most other processing, and stops monitoring a process if an exception allows it. |