Creating a Certificate Signer Identity Exclusion for SentinelOne

Updated over 3 weeks ago

This article is based on SentinelOne community documentation last updated on Jan 23, 2025.

You can exclude files and software that are signed by a trusted source, with a certificate that is verified by the endpoint OS.

  • Agents monitor events associated with the certificate signer but do not create alerts and do not mitigate the signed items.

  • The Agent compares the certificate publisher name to the exclusion if the certificate is verified, where verified means the certificate chains to a trusted root in the endpoint's system Certificate Store.

  • For example, if you have an in-house application that you want to exclude, you can create a digital signature for it, and then make an exclusion for that Certificate Signer ID.

This exclusion type is supported for Windows and macOS Agents.

  • Windows - The certificate exclusion suppresses alerts. Agents monitor events associated with the certificate signer but do not create alerts and do not mitigate the signed items.

  • macOS - The certificate exclusion is a performance focus exclusion. It disables monitoring of the excluded processes, in addition to suppressing alerts.

IMPORTANT:

  • Be careful! If you create incorrect exclusions, you can open your environment to malware.

  • Do NOT create Signer Identity exclusions for all Microsoft or Adobe applications. This will significantly decrease your organization's security.

  • If you are getting false alerts for a specific application, contact Technical Support to find a narrower exclusion to resolve the issue.


Procedure: Create a Certificate Exclusion Manually from Guardz

To exclude items signed by a trusted source:

  1. Go to Security Controls > Endpoint Security > SentinelOne Exclusions.

  2. Click the "+" button to add an exclusion.

  3. Choose the Exclusion Type and select Certificate.

  4. In a different window, go to the Issues page and open the relevant issue details.

    1. Copy the Signer Identity value from the issue details.

  5. Paste the value into the Signer Identity field in the exclusion.

    1. Wildcards are not supported.

  6. In OS Type, select the operating system for the exclusion.

  7. Optional: In Description, enter a phrase to make it easy for you and other users to identify this exclusion and understand why it is needed.

  8. Click Add.
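
Because the Agent only honors the exclusion when the certificate verifies against the endpoint's Certificate Store, it is worth confirming that on a Windows endpoint before you click Add. The script below is an added example, not SentinelOne or Guardz tooling; the parameter names are hypothetical, and it assumes the Signer Identity shown in the issue corresponds to the signing certificate's simple name.

```powershell
# Added example: review a file's Authenticode signer before excluding that signer.
param(
    [Parameter(Mandatory)][string]$Path,   # file named in the issue
    [string]$ExpectedSigner                # value copied from the issue details (optional)
)

$sig = Get-AuthenticodeSignature -LiteralPath $Path

# An unsigned, tampered or untrusted file is not a candidate for a certificate exclusion.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    return
}

$cert = $sig.SignerCertificate
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$signerName = $cert.GetNameInfo($nameType, $false)

# Rebuild the chain against the local certificate store to see which root it ends at.
# Revocation checking is turned off so the check also works on an offline endpoint.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)
$root = ($chain.ChainElements | Select-Object -Last 1).Certificate

[pscustomobject]@{
    File        = $Path
    Status      = $sig.Status
    SignerName  = $signerName
    Subject     = $cert.Subject
    Thumbprint  = $cert.Thumbprint
    NotAfter    = $cert.NotAfter
    ChainBuilds = $chainOk
    Root        = $root.Subject
} | Format-List

# The article warns against excluding every Microsoft or Adobe application.
if ($signerName -match 'Microsoft|Adobe') {
    Write-Warning "Signer '$signerName' is a broad vendor identity; ask Support for a narrower exclusion."
}

# -ne is case-insensitive; treating the two values as comparable is an assumption.
if ($ExpectedSigner -and ($signerName -ne $ExpectedSigner)) {
    Write-Warning "Signer name differs from the value copied from the issue: '$ExpectedSigner'"
}
```

Record the reported thumbprint and root in the exclusion's Description so a later reviewer can see which certificate the exclusion was approved for.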
