Exclusion Support

The inputs for File Exclusions, Behavioral Scan Exclusions, Traffic Scan Exclusions, and Anti-Phishing Exclusions are listed in Configuration tab under Anti-Malware Profile tab. Toggle the exclusion type to exclude the type from the scan.

Following screenshot is an example of File Exclusion:

Following is the list of Type that can be selected to exclude from the scans:

File Exclusions:

Type Value Description Expandable Variable Support Wildcard Support Examples

file

the absolute path of the file

excludes from the scanning a specific file

Yes

Yes

C:\*\text.txt

folder

the absolute path of the folder

excludes from the scanning a specific folder and its content recursively

Yes

Yes

%programdata%\*\folder\

extension

the extension name

excludes from scanning all files that have a specific extension

No

No

exe

process (only for OnAccess Scan)

the absolute file path of an executable file

excludes from the scanning a process by its path

Yes

Yes

%windir%\*.exe

cmdline (only for OnAccess Scan)

the absolute path file path of an executable file followed by the arguments

excludes from the scanning a process by its command line. Use this exclusion to avoid detections when the processes is started with this command line

No

No

c:\test.exe param1 param2

sha256

the sha256 hash value of the file

excludes a file using its sha256 hash. The exclusion is evaluated after a detection has occurred and thus not be used for performance reason

No

No

e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1

thumbprint

the hash of the certificate which the file is signed with

excludes a file using the thumbprint of the certificate. The exclusion is evaluated after a detection has occurred and thus should not be used for performance reason

No

No

a3eccb1xxxxxxxxx5f02cxxxxxxxecbc4f79

threatName

the threatName reported in a previous detection

excludes a file using the name of the threat reported in a previous detection. The exclusion is evaluated after a detection has occurred and thus should not be used for performance reason

No

No

BAT.Trojan.Test.Z

 

Behavioral Scan Exclusions:

Type Value Description Expandable Variable Support Wildcard Support Examples

folder

the absolute path of the folder

excludes from monitoring every process that has the image path located in the folder specified (or sub-folder recursively)

Yes

Yes

%programdata%\*\test

process

the absolute path of the executable folder

excludes from monitoring the process with this image path

Yes

Yes

%windir%\app*.exe

cmdline

the absolute file path of an executable file followed by the arguments

excludes from monitoring the process if strted with this command line

No

No

C:\app.exe param1

sha256

the sha256 hash value of the file

excludes from monitoring the process with this hash of its image file

No

No

e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1

threatName

the threatName reported in a previous code-buffers detection

ignores the remediation actions if a code-buffer detection has this threat name

No

No

EICAR.Test

 

Traffic Scan Exclusions:

Type Description Wildcard Support Examples

IP Address

the list of the remote IP, IP/MASK addresses

Yes

10.10.xx.xx

URL

the list of URLs

Yes

http://*qualys

Application

the list of host application name, excluding the path

Yes

*qualys*.exe

 

Anti-Phishing Exclusions:

Type Description Wildcard Support

URL

the list of URLs

No