** Note that this is a public ticket, please refrain from adding any sensitive data. **

1. Proposed title of this feature request
Exclude file with regex expression in Malware

2. Who is the customer behind the request?

Account: AmeriCold Logistics, LLC
acct # 1623735
TAM customer: no
CSM customer: no
Strategic: no

3. What is the nature and description of the request?
Need to exlude files from Malware configuration using regex expression. For example,

• /usr/lib/modules/[0-9][0-9\.elx_]/extra/falcon_lsm_pinned_[0-9].ko

4. Why does the customer need this and how would the customer like to achieve this?? (List the business and functional requirements here)

Customer is required to run falcon-sensor on their systems as an active scanning tool looking at activity on the system. Customer is looking at yara to be a different set of eyes and a passive scanning backup to falcon-sensor.

5. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No

6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL8, RHEL9)?
Yes, customer would like to get yara sanning implemented in PROD by June, 2024.

7. Is the sales team involved in this request and do they have any additional input?
No

8. List any affected packages or components.
Yara/ Malware

9. Would the customer be able to assist in testing this functionality if implemented?
Yes