Configuring Antivirus Exclusions

 

Through your CloudCare Console policies, you can exclude specified files, folders, or websites from being scanned by Antivirus if needed. Configuring standard and component-specific exclusions can speed up scans and prevent false-positive detections.

Exclusions are limited to approximately 8000 characters across both standard (All Scans and Shields) and component-specific (File Shield, Web Shield, etc) exclusions. Therefore, we recommend minimizing exclusions where possible to prevent any security flaws and/or impact on system performance.

Wildcards can be used when configuring exclusions. Note, however, that Sandbox, Behavior Shield, and Web Shield have certain limitations when it comes to the use of wildcards. For more info, see respective sections below.

Configuring Standard Exclusions

You can configure exclusions that will propagate across all of the various Shields and components of CloudCare Antivirus in the Antivirus section of your policies.

Any changes made to exclusions within policies will propagate across your network roughly every 5-10 minutes. Console policies override local settings.

1. For Partners, if you would like to only configure exclusions for one customer, select the customer in the Customer Drop-down Menu
2. Navigate to the Policies tab
3. Click the policy you would like to add exclusions to
4. Expand the Antivirus section, then click the Exclusions tab
5. Click Add exclusion, then select the exclusion type:
   • File path: enter a file path you would like to exclude
   • URL: enter a URL you would like to exclude
6. Check All Scans and Shields, then click Save
7. Click Save & Apply to Devices when you are finished
   • If you are editing a Master Policy, this option will say Save & Apply to Customers instead

Configuring Component-Specific Exclusions

Many of the customizable Antivirus components have a dedicated tab for configuring exclusions that will only affect that particular component. The process of creating specific exclusions is similar for most shields and components.

File Shield Exclusions

Any exclusions specified here will not be scanned by File Shield during a device scan. This can be used to speed up your scan for locations you know are safe or to prevent false positives.

1. For Partners, if you would like to only configure exclusions for one customer, select the customer in the Customer Drop-down Menu
2. Navigate to the Policies tab
3. Click the policy you would like to add exclusions to
4. Expand the Antivirus section, then click the Exclusions tab
5. Click Add exclusion, then select File path
6. Enter a file path you would like to exclude
7. Check File Shield, then click Save
   • You can also choose whether the exclusion applies to when files are Read, Written, or Executed using the check boxes below File Shield
8. Click Save & Apply to Devices when you are finished
   • If you are editing a Master Policy, this option will say Save & Apply to Customers instead

Web Shield Exclusions

Any exclusions specified here will not be scanned by Web Shield when devices are accessing the internet. This can be used to prevent false positives. Note that if you want to block specific URLs, you must enter these on the Site Blocking tab.

Web Shield's Process exclusion paths do not accept wildcard characters.

1. For Partners, if you would like to only configure exclusions for one customer, select the customer in the Customer Drop-down Menu
2. Navigate to the Policies tab
3. Click the policy you would like to add exclusions to
4. Expand the Antivirus section, then click the Exclusions tab
5. Click Add exclusion, then select one of the following:
   • URL: enter the URL you would like to exclude
   • MIME-type: enter the MIME-type you would like to exclude
   • Process: enter the process path you would like to exclude (these do not accept wildcards)
6. Check Web Shield, then click Save
7. Click Save & Apply to Devices when you are finished
   • If you are editing a Master Policy, this option will say Save & Apply to Customers instead

Behavior Shield Exclusions

Any exclusions specified here will not be scanned by Behavior Shield when devices are running programs and processes.

Behavior Shield does not support inserting wildcards at the beginning or in the middle of a file path (for example, C:\users\*\application.exe). You can still use a wildcard at the end of the file path (for instance, C:\users\username\*).

1. For Partners, if you would like to only configure exclusions for one customer, select the customer in the Customer Drop-down Menu
2. Navigate to the Policies tab
3. Click the policy you would like to add exclusions to
4. Expand the Antivirus section, then click the Behavior Shield tab
5. Enter the location you would like to exclude from scanning
6. Click Add
7. Click Save & Apply to Devices when you are finished
   • If you are editing a Master Policy, this option will say Save & Apply to Customers instead

Sandbox Exclusions

These exclusions will only apply when Sandbox is used to virtualize potentially infected files, and will ensure the specified locations are not brought into the virtualized environment. For example, you can exclude your Downloads folder so that files downloaded from a browser in the virtualized environment are not deleted when you close the browser.

Sandbox exclusion paths do not accept wildcard characters.

1. For Partners, if you would like to only configure exclusions for one customer, select the customer in the Customer Drop-down Menu
2. Navigate to the Policies tab
3. Click the policy you would like to add exclusions to
4. Expand the Firewall and Antivirus Add-ons section, then click the Sandbox tab
5. Click the Exclusions tab
6. Enter the location you would like to exclude from virtualization
7. Click Add
8. Click Save & Apply to Devices when you are finished
   • If you are editing a Master Policy, this option will say Save & Apply to Customers instead