Hi everyone, 

I need to filter these events, but remove events related to RdrCEF.exe

How to create an exception in inputs.conf with this Full File Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe T

Today my inputs.conf is:

[WinEventLog://Microsoft-Windows-AppLocker/EXE and DLL]
checkpointInterval = 5
current_only = 0
disabled = 0
index = test1
start_from = oldest
renderXml = 1
whitelist = 8000, 8004, 8007, 8008, 8029, 8032, 8035, 8036, 8040
blacklist1 = EventCode = "^8004$" Message = "\%PROGRAMFILES\%\\ADOBE\\ACROBAT\sREADER\sDC\\READER\\ACROCEF_1\\RDRCEF\.EXE"
blacklist2 = EventCode = "^8004$" Message = "\%PROGRAMFILES\%\\ADOBE\\ACROBAT\sREADER\sDC\\READER\\ACROCEF_1\\RDRCEF\.EXE"
blacklist3 = EventCode = "^8004$" Message = "\\RDRCEF\.EXE"
blacklist4 = EventCode = "^8004$" Message = "*\\RDRCEF\.EXE"
_TCP_ROUTING = test