disable or change definition: suspicious process and excessive resource
Posted: 22 Mar 2017, 22:11
Hi,
I really like the CSF tool but am getting lots of alerts for "suspicious process" and "excessive resource usage". These are for processes I know about and am ok with the resource usage.
I've got them filtered to go into a special mail folder, but the constant alerting obscures when I get an email I want to read. Similarly, I'll never know if I really DO have something problematic because the alert for it will be lost and ignored in a sea of others.
It would be nice if the interface allowed you to define what is "suspicious" and what is "excessive". In the meantime, can anyone point me to the config file so I can adjust this, or else disable the alerts?
Thank you!
I really like the CSF tool but am getting lots of alerts for "suspicious process" and "excessive resource usage". These are for processes I know about and am ok with the resource usage.
I've got them filtered to go into a special mail folder, but the constant alerting obscures when I get an email I want to read. Similarly, I'll never know if I really DO have something problematic because the alert for it will be lost and ignored in a sea of others.
It would be nice if the interface allowed you to define what is "suspicious" and what is "excessive". In the meantime, can anyone point me to the config file so I can adjust this, or else disable the alerts?
Thank you!