Exclusion Support

The inputs for File Exclusions, Behavioral Scan Exclusions, Traffic Scan Exclusions, Anti-Phishing Exclusions, and Device Control Exclusions are listed in the Configuration tab under the Anti-Malware Profile tab. Toggle the exclusion type to exclude it from the scan.

The following screenshot is an example of File Exclusion:

Exclusions window.

This section includes the following list of Types that can be selected to exclude from the scans:

 

File Exclusions

| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|---|---|---|---|---|---|
| file | the absolute path of the file | excludes a specific file from scanning | Yes | Yes | C:\*\text.txt |
| folder | the absolute path of the folder | excludes a particular folder and its content, recursively, from scanning | Yes | Yes | %programdata%\*\folder\ |
| extension | the extension name | excludes all files that have a specific extension from scanning | No | No | exe |
| process (only for OnAccess Scan) | the absolute file path of an executable file | excludes a process from scanning by its path | Yes | Yes | %windir%\*.exe |
| cmdline (only for OnAccess Scan) | the absolute file path of an executable file followed by the arguments | excludes a process from scanning by its command line. Use this exclusion to avoid detections when the process is started with this command line | No | No | c:\test.exe param1 param2 |
| sha256 | the sha256 hash value of the file | excludes a file using its sha256 hash. The exclusion is evaluated after detection has occurred and thus should not be used for performance reasons | No | No | e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
| thumbprint | the hash of the certificate which the file is signed with | excludes a file using the thumbprint of the certificate. The exclusion is evaluated after detection has occurred and thus should not be used for performance reasons | No | No | a3eccb1xxxxxxxxx5f02cxxxxxxxecbc4f79 |
| threatName | the threatName reported in a previous detection | excludes a file using the name of the threat reported in an earlier detection. The exclusion is evaluated after detection and thus should not be used for performance reasons | No | No | BAT.Trojan.Test.Z |
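The following Python script is an added example, not part of the product or its documentation: it checks file exclusion entries against the support matrix in the File Exclusions table before they are entered in a profile. The `(type, value)` entry format, the function name `check_file_exclusion`, and the sample entries are assumptions constructed for illustration.

```python
import re

# Support matrix from the File Exclusions table: type -> (variables, wildcards)
FILE_EXCLUSION_SUPPORT = {
    "file": (True, True), "folder": (True, True), "process": (True, True),
    "extension": (False, False), "cmdline": (False, False),
    "sha256": (False, False), "thumbprint": (False, False),
    "threatName": (False, False),
}
# Types the table describes as evaluated only after a detection has occurred.
POST_DETECTION = {"sha256", "thumbprint", "threatName"}
# Types whose value the table describes as an absolute path.
ABSOLUTE_TYPES = {"file", "folder", "process", "cmdline"}

ENV_VAR = re.compile(r"%[^%\s]+%")                       # e.g. %windir%
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|%[^%\s]+%\\)")   # C:\... or %var%\...
SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")                # 64 hex characters


def check_file_exclusion(kind, value):
    """Return a list of findings for one (type, value) file exclusion entry."""
    if kind not in FILE_EXCLUSION_SUPPORT:
        return [f"unknown exclusion type: {kind}"]
    variables_ok, wildcards_ok = FILE_EXCLUSION_SUPPORT[kind]
    findings = []
    if "*" in value and not wildcards_ok:
        findings.append(f"{kind}: wildcards are not supported")
    if ENV_VAR.search(value) and not variables_ok:
        findings.append(f"{kind}: expandable variables are not supported")
    if kind in ABSOLUTE_TYPES and not ABSOLUTE.match(value):
        findings.append(f"{kind}: value must be an absolute path")
    if kind == "sha256" and not SHA256.match(value):
        findings.append("sha256: expected 64 hexadecimal characters")
    if kind in POST_DETECTION:
        findings.append(f"{kind}: evaluated after detection, no performance benefit")
    return findings


# Constructed sample entries (not taken from a real profile).
SAMPLES = [
    ("file", r"C:\*\text.txt"),
    ("extension", "*.exe"),
    ("cmdline", r"%windir%\app.exe /s"),
    ("process", "app.exe"),
    ("sha256", "ab" * 32),
]

if __name__ == "__main__":
    for kind, value in SAMPLES:
        print(kind, value, check_file_exclusion(kind, value) or "ok")
```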

Behavioral Scan Exclusions

| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|---|---|---|---|---|---|
| folder | the absolute path of the folder | excludes from monitoring every process that has the image path located in the folder specified (or sub-folder recursively) | Yes | Yes | %programdata%\*\test |
| process | the absolute path of the executable folder | excludes from monitoring the process with this image path | Yes | Yes | %windir%\app*.exe |
| cmdline | the absolute file path of an executable file followed by the arguments | excludes from monitoring the process if started with this command line | No | No | C:\app.exe param1 |
| sha256 | the sha256 hash value of the file | excludes from monitoring the process with this hash of its image file | No | No | e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
| threatName | the threatName reported in a previous code-buffers detection | ignores the remediation actions if a code-buffer detection has this threat name | No | No | EICAR.Test |

Traffic Scan Exclusions

| Type | Description | Wildcard Support | Examples |
|---|---|---|---|
| IP Address | the list of the remote IP, IP/MASK addresses. | Yes | 10.10.xx.xx |
| URL | the list of URLs | Yes | http://*qualys |
| Application | the list of host application name, excluding the path | Yes | *qualys*.exe |

If you are using Qualys IP Scanner, ensure you add it to the allow list of the Traffic Scan Exclusions and add the IP address in the IP type.

Anti-Phishing Exclusions

| Type | Description | Wildcard Support |
|---|---|---|
| URL | the list of URLs | No |

Device Control Exclusions

Toggle the Device Control Exclusions from the Exclusions option. Perform the following steps to create Device Control Exclusions:

  1. Click Add New Exclusion to exclude the device.
  2. In the Create Exclusion window, provide the details in the mandatory fields.
  3. Choose Rule Mode as Manual or Auto.
    • Manual Rule Mode: Enter the list of Device IDs.
    • Auto Rule Mode: Click the add icon to select Device Id or Product Id, and select the Device Id or Product Id. Click Search. Click Add to include the devices. All the added devices will be listed in the Exclusions.

    The following example screenshot displays the Device Control Exclusion window:

    Device Control Support exclusion window

    If you select Product ID, all devices having the same Product Id will be excluded. 

  4. Choose to Allow or Block the specified devices.
  5. Click Create.

    The following example screenshot displays the list of exclusions based on Device Id, Product Id, or Product Name:

    List of exclusions in the Exclusion step of Anti-Malware Profile Configuration.


 

 
