disable or change definition: suspicious process and excessive resource

Post Reply
guygreg2
Junior Member
Posts: 4
Joined: 22 Mar 2017, 22:02

disable or change definition: suspicious process and excessive resource

Post by guygreg2 »

Hi,
I really like the CSF tool but am getting lots of alerts for "suspicious process" and "excessive resource usage". These are for processes I know about and am ok with the resource usage.
I've got them filtered to go into a special mail folder, but the constant alerting obscures when I get an email I want to read. Similarly, I'll never know if I really DO have something problematic because the alert for it will be lost and ignored in a sea of others.

It would be nice if the interface allowed you to define what is "suspicious" and what is "excessive". In the meantime, can anyone point me to the config file so I can adjust this, or else disable the alerts?

Thank you!
FutherForward20
Junior Member
Posts: 22
Joined: 03 Sep 2016, 13:56

Re: disable or change definition: suspicious process and excessive resource

Post by FutherForward20 »

Hi all

I came here looking for an answer on this matter also.

The "Excessive resource usage" notifications can be a bit of a nuisance if you already know about the user / program etc. So what is the best way to curtail these based on a specific user - or perhaps increase the notification thresh-hold.

Thanks
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: disable or change definition: suspicious process and excessive resource

Post by Sergio »

Have you tried to use pignore?
Post Reply