From 6f8d5e5c28931f4499ed0292ea3ea5012663082e Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 16:31:10 +0100 Subject: [PATCH] [8.1] Adds Allowlist Elastic Endpoint in third-party antivirus apps page to serverless docs (backport #5639) (#5654) * Adds Allowlist Elastic Endpoint in third-party antivirus apps page to serverless docs (#5639) * Adds Allowlist Elastic Endpoint in third-party antivirus apps page to serverless docs * Adds page description * Apply suggestions from code review Co-authored-by: Joe Peeples * Removes div id * Adds note to allowlist pages --------- Co-authored-by: Joe Peeples (cherry picked from commit f8e7ca6e32243193bcc4519304530e4cf8377d94) # Conflicts: # docs/management/admin/trusted-apps.asciidoc # docs/serverless/edr-manage/trusted-apps-ov.mdx # docs/serverless/serverless-security.docnav.json * Delete docs/serverless directory and its contents * Resolves conflict * Renames integration --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: github-actions[bot] Co-authored-by: natasha-moore-elastic --- docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc | 2 ++ docs/management/admin/trusted-apps.asciidoc | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc b/docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc index 3a53338b53..c0bef411da 100644 --- a/docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc +++ b/docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc 
@@ -1,6 +1,8 @@ [[allowlist-endpoint-3rd-party-av-apps]] = Allowlist Elastic Endpoint in third-party antivirus apps +NOTE: If you use other antivirus (AV) software along with {endpoint-sec}, you may need to add the other system as a trusted application in the {security-app}. Refer to <> for more information. + Third-party antivirus (AV) applications may identify the expected behavior of {elastic-endpoint} as a potential threat. Add {elastic-endpoint}'s digital signatures and file paths to your AV software's allowlist to ensure {elastic-endpoint} continues to function as intended. We recommend you allowlist both the file paths and digital signatures, if applicable. NOTE: Your AV software may refer to allowlisted processes as process exclusions, ignored processes, or trusted processes. It is important to note that file, folder, and path-based exclusions/exceptions are distinct from trusted applications and will not achieve the same result. This page explains how to ignore actions taken by processes, not how to ignore the files that spawned those processes. diff --git a/docs/management/admin/trusted-apps.asciidoc b/docs/management/admin/trusted-apps.asciidoc index ecd73bcd1c..c09bb9d047 100644 --- a/docs/management/admin/trusted-apps.asciidoc +++ b/docs/management/admin/trusted-apps.asciidoc 
@@ -2,6 +2,8 @@ [chapter, role="xpack"] = Trusted applications +NOTE: If you use {endpoint-sec} along with other antivirus (AV) software, you might need to configure the other system to trust {elastic-endpoint}. Refer to <> for more information. + You can add Windows, macOS, and Linux applications that should be trusted. By adding these trusted applications, you can use {elastic-sec} without compatibility or performance issues with other installed applications on your system. Trusted applications are applied only to hosts running {endpoint-sec}. NOTE: You must have the built-in `superuser` role to access this feature. For more information, refer to {ref}/built-in-users.html[Built-in users].
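Review bot: In the first hunk (allowlist-endpoint-3rd-party-av.asciidoc), the added NOTE ends with "Refer to <> for more information", and the cross-reference has no target as it stands, so a reader gets no link to follow. Point it at the anchor of the trusted applications page. In the same line, "the other system" is vague next to "other antivirus (AV) software"; naming the AV software directly would make it clear which product is being added as a trusted application. This NOTE also uses "may need to" where the matching NOTE in trusted-apps.asciidoc uses "might need to"; pick one for both pages.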
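Review bot: In the second hunk (trusted-apps.asciidoc), the added NOTE has the same empty cross-reference, "Refer to <> for more information". The page it is meant to point to defines `[[allowlist-endpoint-3rd-party-av-apps]]` at its top, as the first hunk of this patch shows, so that anchor is the target to use here. The NOTE also says to "configure the other system to trust {elastic-endpoint}" while the linked page's title and body use "allowlist"; using the same term would help readers recognise that the two pages describe the two halves of one setup.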