Add "Exploit Mitigation" as a policy exclusion type
Brief: Currently there are only 7/9 Exclusion Types (compared to the 9 Exclusion Types in Global Settings/ Global Exclusions) available when adding an exclusion to a threat protection policy. We need the ability to create "Exploit Mitigation" exclusions at a threat policy level, not just as a global exclusion.
Discussion: In an enterprise environment with many users filling a variety of job requirements, the inability to create granular Exploit Mitigation exclusions makes for a cumbersome exclusion process. Yes, this option is available in Global Exclusions; however, we may only want to exclude a certain Exploit Mitigation (i.e. Lockdown exploit) from being detected in a given application (i.e. Excel, Adobe, etc.) for only a handful of tens of thousands of computers. In this case, we would want to create a specific policy for a subset of users to which we could apply this exclusion.
Because of the unique nature of a detection ID/thumbprint that is assigned to an exploit mitigation event, creating a custom policy and adding a "Detected Exploits" exclusion is not effective. One example is a user who had a custom script that is run on ever-changing Excel reports. The script that gets run on the report is a PowerShell script, and had a handful of commands that could be run. Different commands generated different detection IDs, thus requiring a custom policy to be created with 7 Detected Exploit exclusions.
We also had a problem with exclusions by thumbprint in Ticket #9857726 and had to create a global exclusion in the "Exploit Mitigation", which is very unsafe compared with an exception for Servers.
Exploit mitigation options should indeed be visible. We have the same issue. An Excel file that runs a script (detected as lockdown). We would like to exclude Excel in a separate policy and only exclude lockdown newfile.