This article is based on SentinelOne community documentation last updated on Feb 05 2025
All exclusions require caution because they limit visibility in your environment. While no exclusions are recommended, some are necessary to resolve issues with false positives or interoperability.
The list below shows some of the items that you MUST NOT exclude with SentinelOne exclusions. If you create an exclusion for any of these items, you open your environment to security risk. The list does not show all exclusions that are not recommended.
This list is based on the experience of Technical Support and will be updated by our Support team.
If you have an interoperability or false positive issue that you require help to resolve, please open a ticket for Support.
NOT Recommended Exclusions for Windows
Starting in Management version S-24.2.1: If the path for an exclusion is one of these system variables, it will show as Not Recommended and have a red exclamation point in the UI:
%systemroot%, %ProgramFiles(x86)%, %ProgramFiles%, %SystemDrive%, %Windir%, %ProgramW6432%If the path for an exclusion starts with one of these system variables but has more specific folders in the path, it will not show as Not Recommended.
For example,
%ProgramFiles%\foldernamewill not be marked as Not Recommended.
Signer identity exclusion for all Microsoft applications
Signer identity exclusion for all Adobe applications
Exclusions for a browser path
Drive letter:\
Drive letter:\*.*
Drive letter:\*\
Drive letter:\Windows\spool\
C:\*\Java\
C:\cygwin\
C:\cygwin64\
C:\Java\
C:\jboss-eap-6.4\
C:\Program Files (x86)\
C:\Program Files (x86)\Adobe\
C:\Program Files (x86)\Google\
C:\Program Files (x86)\Google\Chrome\
C:\Program Files (x86)\Internet Explorer\
C:\Program Files (x86)\Microsoft\Edge\
C:\Program Files (x86)\Java\
C:\Program Files (x86)\Java\jre version number\
C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\
C:\Program Files (x86)\Microsoft Office\
C:\Program Files (x86)\Microsoft Office\Office version number\
C:\Program Files (x86)\Microsoft Office\root\Office16\
C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.exe
C:\Program Files(x86)\Java\
C:\Program Files\
C:\Program Files\Adobe\
C:\Program Files\Adobe\Acrobat Reader DC\
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\cygwin\
C:\Program Files\cygwin64\
C:\Program Files\Git\perl.exe
C:\Program Files\Git\usr\bin\perl.exe
C:\Program Files\Internet Explorer\
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\
C:\Program Files\Java\*\bin\javac.exe
C:\Program Files\Microsoft Office\Office16\
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files\PowerShell\<version>\pwsh.exe
C:\Program Files\Tripwire\TE\Agent\jre\bin\java.exe
C:\Tomcat7\
C:\tomcat7_2\bin\tomcat7.exe
C:\tomcat7.0\
C:\tomcat7\bin\tomcat7.exe
C:\Users\*\Cygwin\Bin\
C:\Windows\
C:\Windows\*\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\explorer.exe\
C:\Windows\py.exe
C:\Windows\setup.exe
C:\Windows\system32\
C:\Windows\System32\smss.exe
C:\Windows\system32\conhost.exe
C:\windows\system32\consent.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\csrss.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\explorer.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\lsalso.exe
C:\WINDOWS\system32\lsass.exe
C:\Windows\System32\lsm.exe
C:\windows\system32\mmc.exe
C:\Windows\System32\netsh.exe
C:\Windows\System32\Ntoskrnl.exe
C:\Windows\System32\rundll32.exe
C:\windows\system32\services.exe
C:\Windows\System32\sihost.exe
C:\Windows\system32\smss.exe
C:\Windows\System32\snmp.exe
C:\Windows\System32\splwow64.exe
C:\Windows\System32\Spool\
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\sysvol\
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskhostex.exe
C:\Windows\System32\Taskmgr.exe
C:\Windows\system32\userinit.exe
C:\Windows\System32\vbscript.dll
C:\Windows\system32\vssvc.exe
C:\Windows\System32\WBEM\
C:\Windows\System32\wbem\WmiApSrv.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\WindowsPowerShell\
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
C:\Windows\System32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SYSVOL\
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\SysWOW64\wbem\
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
C:\Windows\Temp\
C:\Windows\winexesvc.exe
acrord32.exe
java.exe
javaC.exe
javaW.exe
JAVAWS.exe
LogonUI.exe
taskhostw.exe
vssadmin.exe
_mprosrv.exe
*.dll
*.exe
*.pdf
*\bin\java.exe
\adobe\
\Device\HarddiskVolume*\
\ProgramData\Kaseya\
\Program Files (x86)\Kaseya\
\Program Files\Kaseya\
\Windows\Temp\Kaseya\
*agent.exe
*agentmon.exe
NOT Recommended Exclusions for Linux
/bin/
/sbin/
/proc/
/run/
/sys/
/usr/bin/
/usr/sbin/
/usr/bin/pwsh
/usr/local/bin/pwsh
/var/
/var/log (If necessary, you can make an exclusion for the directory of a specific application in /var/log/.)
/tmp
/opt/sentinelone
*/pythonversion number
*/ruby
*\*apache-maven*\
Not Recommended Exclusions for macOS
/
**/
*?
*?/
/*?
/*?/
/**
/usr/local/bin/pwsh