Exclusion Support
The inputs for File Exclusions, Behavioral Scan Exclusions, Traffic Scan Exclusions, Anti-Phishing Exclusions, and Device Control Exclusions are listed in the Configuration tab under the Anti-Malware Profile tab. Toggle the exclusion type to exclude it from the scan.
The following screenshot is an example of File Exclusion:
This section includes the following list of Types that can be selected to exclude from the scans:
File Exclusions
| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|
file |
the absolute path of the file |
excludes from the scanning a specific file |
Yes |
Yes |
C:\*\text.txt |
|
folder |
the absolute path of the folder |
excludes from the scanning a particular folder and its content recursively |
Yes |
Yes |
%programdata%\*\folder\ |
|
extension |
the extension name |
excludes from scanning all files that have a specific extension |
No |
No |
exe |
|
process (only for OnAccess Scan) |
the absolute file path of an executable file |
excludes from the scanning a process by its path |
Yes |
Yes |
%windir%\*.exe |
|
cmdline (only for OnAccess Scan) |
the absolute path file path of an executable file followed by the arguments |
excludes from scanning a process by its command line. Use this exclusion to avoid detections when the process is started with this command line |
No |
No |
c:\test.exe param1 param2 |
|
sha256 |
the sha256 hash value of the file |
excludes a file using its sha256 hash. The exclusion is evaluated after detection has occurred and, thus not be used for performance reason |
No |
No |
e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
|
thumbprint |
the hash of the certificate which the file is signed with |
excludes a file using the thumbprint of the certificate. The exclusion is evaluated after detection has occurred. It thus should not be used for performance reason |
No |
No |
a3eccb1xxxxxxxxx5f02cxxxxxxxecbc4f79 |
|
threatName |
the threatName reported in a previous detection |
excludes a file using the name of the threat reported in earlier detection. The exclusion is evaluated after detection and thus should not be used for performance reason |
No |
No |
BAT.Trojan.Test.Z |
Behavioral Scan Exclusions
| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|
folder |
the absolute path of the folder |
excludes from monitoring every process that has the image path located in the folder specified (or sub-folder recursively) |
Yes |
Yes |
%programdata%\*\test |
|
process |
the absolute path of the executable folder |
excludes from monitoring the process with this image path |
Yes |
Yes |
%windir%\app*.exe |
|
cmdline |
the absolute file path of an executable file followed by the arguments |
excludes from monitoring the process if started with this command line |
No |
No |
C:\app.exe param1 |
|
sha256 |
the sha256 hash value of the file |
excludes from monitoring the process with this hash of its image file |
No |
No |
e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
|
threatName |
the threatName reported in a previous code-buffers detection |
ignores the remediation actions if a code-buffer detection has this threat name |
No |
No |
EICAR.Test |
Traffic Scan Exclusions
| Type | Description | Wildcard Support | Examples |
|
IP Address |
the list of the remote IP, IP/MASK addresses. |
Yes |
10.10.xx.xx |
|
URL |
the list of URLs |
Yes |
http://*qualys |
|
Application |
the list of host application name, excluding the path |
Yes |
*qualys*.exe |
If you are using Qualys IP Scanner, ensure you add it in the allow list of the Traffic Scan Exclusions and add the IP address in the IP type.
Anti-Phishing Exclusions
| Type | Description | Wildcard Support |
|
URL |
the list of URLs |
No |
Device Control Exclusions
Toggle the Device Control Exclusions from the Exclusions option. Perform the following steps to create Device Control Exclusions:
- Click Add New Exclusion to exclude the device.
- In the Create Exclusion window, provide the details in the mandatory fields.
- Choose Rule Mode as Manual or Auto.
- Manual Rule Mode: Enter the list of Device IDs.
- Auto Rule Mode: Click the
and select the Device Id or Product Id. Click Search. Click Add to include the devices. All the added devices will be listed in the Exclusions.
The following example screenshot displays the Device Control Exclusion window:
If you select Product ID, all devices having the same Product Id will be excluded.
- Choose to Allow or Block the specified devices.
- Click Create.
The following example screenshot displays the list of exclusions based on Device Id, Product Id, or Product Name:
