Exclusion Path on macOS

The Agent Configuration policy can be customized to exclude specified folder paths from all application control policy processing. All applications launched from the specified paths will not be processed via the Privilege Manager agent, which allows for minimal interruption and maximum performance. Any log entries are executed asynchronously without any impact on processing.

Optimizing Compile Times

For developers with an agent installed on a computer running the Verify Privilege Manager application, adding an Exclusion Path to the application control agent is the best approach to safeguard against increased compilation times that affect system performance.

Exclusion paths are paths to software development tools (for example, program files, folders, etc.). When an application launches, the agent checks the exclusions first, before filters, thereby executing faster and saving time with agent and filter assessment.

If performance issues persist with the use of exclusion paths, IBM Security recommends an evaluation with support services to assess the environment.

To add exclusion paths to the Agent Configuration policy in the General Settings:

1. Navigate to your Computer Group and select Agent Configuration.

2. Select the Application Control Agent Configuration Policy (MacOS) policy.

3. To access advanced settings, click Show Advanced.

4. In the Exclusion Path field, specify the path exclusions for the application control agent. Separate each path by a new line.

   Standard file paths such as /users/admin/downloads/ can be used, where subfolders will also be evaluated.