Exclusion Support
The inputs for File Exclusions, Behavioral Scan Exclusions, Traffic Scan Exclusions, and Anti-Phishing Exclusions are listed in Configuration tab under Anti-Malware Profile tab. Toggle the exclusion type to exclude the type from the scan.
Following screenshot is an example of File Exclusion:
Following is the list of Type that can be selected to exclude from the scans:
File Exclusions:
| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|
file |
the absolute path of the file |
excludes from the scanning a specific file |
Yes |
Yes |
C:\*\text.txt |
|
folder |
the absolute path of the folder |
excludes from the scanning a specific folder and its content recursively |
Yes |
Yes |
%programdata%\*\folder\ |
|
extension |
the extension name |
excludes from scanning all files that have a specific extension |
No |
No |
exe |
|
process (only for OnAccess Scan) |
the absolute file path of an executable file |
excludes from the scanning a process by its path |
Yes |
Yes |
%windir%\*.exe |
|
cmdline (only for OnAccess Scan) |
the absolute path file path of an executable file followed by the arguments |
excludes from the scanning a process by its command line. Use this exclusion to avoid detections when the processes is started with this command line |
No |
No |
c:\test.exe param1 param2 |
|
sha256 |
the sha256 hash value of the file |
excludes a file using its sha256 hash. The exclusion is evaluated after a detection has occurred and thus not be used for performance reason |
No |
No |
e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
|
thumbprint |
the hash of the certificate which the file is signed with |
excludes a file using the thumbprint of the certificate. The exclusion is evaluated after a detection has occurred and thus should not be used for performance reason |
No |
No |
a3eccb1xxxxxxxxx5f02cxxxxxxxecbc4f79 |
|
threatName |
the threatName reported in a previous detection |
excludes a file using the name of the threat reported in a previous detection. The exclusion is evaluated after a detection has occurred and thus should not be used for performance reason |
No |
No |
BAT.Trojan.Test.Z |
Behavioral Scan Exclusions:
| Type | Value | Description | Expandable Variable Support | Wildcard Support | Examples |
|
folder |
the absolute path of the folder |
excludes from monitoring every process that has the image path located in the folder specified (or sub-folder recursively) |
Yes |
Yes |
%programdata%\*\test |
|
process |
the absolute path of the executable folder |
excludes from monitoring the process with this image path |
Yes |
Yes |
%windir%\app*.exe |
|
cmdline |
the absolute file path of an executable file followed by the arguments |
excludes from monitoring the process if strted with this command line |
No |
No |
C:\app.exe param1 |
|
sha256 |
the sha256 hash value of the file |
excludes from monitoring the process with this hash of its image file |
No |
No |
e2ec4xxxxxx88caxxxxxxebe8cxxxxa86d3xxxxxx4f1b1 |
|
threatName |
the threatName reported in a previous code-buffers detection |
ignores the remediation actions if a code-buffer detection has this threat name |
No |
No |
EICAR.Test |
Traffic Scan Exclusions:
| Type | Description | Wildcard Support | Examples |
|
IP Address |
the list of the remote IP, IP/MASK addresses |
Yes |
10.10.xx.xx |
|
URL |
the list of URLs |
Yes |
http://*qualys |
|
Application |
the list of host application name, excluding the path |
Yes |
*qualys*.exe |
Anti-Phishing Exclusions:
| Type | Description | Wildcard Support |
|
URL |
the list of URLs |
No |