Name

sa.traffic_based_discovery.blacklist

Description

Generic apps that should be excluded from traffic based discovery

Value

system32\\(?!w3wp).*.exe|wininit.exe|winlogon.exe|lsass.exe|fsearchctrl.exe|sqlservr.exe

Sys ID

2b635e007f313100ed1c3b19befa91f9

Offical Documentation

Official Docs: sa.traffic_based_discovery.blacklist