From 5cd2c60668c7827733a6fa24250690fead7b371c Mon Sep 17 00:00:00 2001
From: Olaf Hartong <8149899+olafhartong@users.noreply.github.com>
Date: Wed, 20 Sep 2023 07:31:32 +0000
Subject: [PATCH] severe base noise reduction
---
10_process_access/exclude_azure_monitor.xml | 14 +++++++++++
.../exclude_defender_for_endpoint copy.xml | 10 ++++++++
7_image_load/exclude_very_verbose.xml | 25 +++++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 10_process_access/exclude_azure_monitor.xml
create mode 100644 10_process_access/exclude_defender_for_endpoint copy.xml
create mode 100644 7_image_load/exclude_very_verbose.xml
diff --git a/10_process_access/exclude_azure_monitor.xml b/10_process_access/exclude_azure_monitor.xml
new file mode 100644
index 00000000..cc91f247
--- /dev/null
+++ b/10_process_access/exclude_azure_monitor.xml
@@ -0,0 +1,14 @@
+
+
+
+
+
+ C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe
+ C:\Windows\system32\cscript.exe
+
+ C:\WindowsAzure\GuestAgent_;CollectGuestLogs.exe
+ C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe
+
+
+
+
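Review bot: The last two path lines of this hunk, `C:\WindowsAzure\GuestAgent_;CollectGuestLogs.exe` and `...\Agent\HealthService.exe`, appear to be standalone source-image exclusions, which would drop ProcessAccess events from those binaries against every target, LSASS included. The XML markup is not visible in this rendering, so this is inferred from the line layout. If it holds, each should sit in its own `<Rule groupRelation="and">` with an explicit `TargetImage` or `GrantedAccess`, as the MonitoringHost.exe/cscript.exe pair above seems to be. The semicolon pattern also looks like a `contains all` match, which accepts any path holding both substrings; a comment such as `<!-- Azure guest agent log collector, versioned folder under C:\WindowsAzure -->` would record the intended scope.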
diff --git a/10_process_access/exclude_defender_for_endpoint copy.xml b/10_process_access/exclude_defender_for_endpoint copy.xml
new file mode 100644
index 00000000..3ee61af5
--- /dev/null
+++ b/10_process_access/exclude_defender_for_endpoint copy.xml
@@ -0,0 +1,10 @@
+
+
+
+
+ C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
+ C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\;\OpenHandleCollector.exe
+
+
+
+
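Review bot: The new file is named `exclude_defender_for_endpoint copy.xml`, which looks like a leftover from duplicating a file in a file manager rather than an intended name. If a sibling `exclude_defender_for_endpoint.xml` already exists in `10_process_access/`, these two entries should be merged into it; otherwise the file should be renamed without the ` copy` suffix. The space in the name may also trip up merge or build scripts that do not quote paths. As with the Azure Monitor file, `MsSense.exe` and the `OpenHandleCollector.exe` pattern appear to be excluded for all targets, so a short comment on why unscoped exclusion is acceptable here would help later tuning.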
diff --git a/7_image_load/exclude_very_verbose.xml b/7_image_load/exclude_very_verbose.xml
new file mode 100644
index 00000000..b949ac8b
--- /dev/null
+++ b/7_image_load/exclude_very_verbose.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+ C:\Windows\System32\svchost.exe
+ C:\Windows\System32\netapi32.dll
+
+
+ C:\Windows\System32\svchost.exe
+ C:\Windows\System32\msvcp110_win.dll
+
+
+ C:\Windows\System32\svchost.exe
+ C:\Windows\System32\dsreg.dll
+
+
+ C:\Windows\System32\svchost.exe
+ C:\Windows\System32\perfctrs.dll
+
+
+
+
+
\ No newline at end of file
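Review bot: The four svchost.exe/DLL pairs appear to match on file path alone, so a replaced or unsigned file at one of these System32 paths would also be dropped from ImageLoad logging. The markup is not visible here, so this is inferred. If the pairs are `and` rules, consider adding a signature condition to each, e.g. `<Signed condition="is">true</Signed>`, so only the genuine Microsoft-signed loads are suppressed. The file also carries no rationale for why these particular DLLs were chosen; a one-line comment per rule naming the observed noise source would make the exclusions reviewable. The file lacks a trailing newline.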