This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Configuring Antivirus Exclusions

This Article Applies to:

  • Avast Business Hub

 

Through your Business Hub policies, you can exclude specified files, folders, or websites from being scanned by Antivirus if needed. Configuring standard and component-specific exclusions can speed up scans and prevent false-positive detections.

Exclusions are limited to approximately 8000 characters across both standard (All Scans and Shields) and component-specific (File Shield, Web Shield, etc) exclusions. Therefore, we recommend minimizing exclusions where possible to prevent any security flaws and/or impact on system performance.

Wildcards can be used when configuring exclusions. Note, however, that Sandbox, Behavior Shield, and Web Shield have certain limitations when it comes to the use of wildcards. For more info, see respective sections below.

To access the settings for Antivirus exclusions:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Click the Exclusions tab
  4. Expand the Antivirus exclusions section

Configuring Standard Exclusions

You can configure exclusions (called exceptions in the local UI) that will propagate across all of the various Antivirus shields and components in the Exclusions tab of your console, within a selected policy.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes.

Standard exclusions apply to Windows workstations and servers only.

 

To add a standard exclusion, i.e. an exclusion that will apply to all scans and shields:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the All Scans and Shields tab
  2. Click + Add new exclusion in the desired section:
    • File paths: Exclude specified file paths or URLs from virus scans and shield protection
      • Exclusions containing full application paths will also apply to the Anti-Rootkit component.
    • Hardened mode: Exclude specified executable files from Hardened Mode checks
    • CyberCapture: Exclude specified executable files from CyberCapture checks
    • URL addresses: Exclude specified URL addresses from scanning
      • For Real Site exclusions (Windows only), use the dns://domain.com/* format.
    • On-demand scans: Exclude specified file paths from virus scans started by the end user
    • Programs: Exclude specified paths to programs or scripts (and optional parameters) from Antivirus checks
  1. In the pop-up dialog, specify the file/program path or URL you want to exclude
  2. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions

Configuring Component-Specific Exclusions

Many of the customizable Antivirus components have a dedicated tab for configuring exclusions that will only affect that particular component. The process of creating specific exclusions is similar for most shields and components.

File Shield Exclusions

Any exclusions specified here will not be scanned by File Shield during a device scan. This can be used to speed up your scan for locations you know are safe or to prevent false positives.

To add an exclusion to the File Shield scan:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the File Shield tab
  1. Click + Add new exclusion
  2. In the pop-up dialog, enter the file path you would like to exclude
  3. Use the check boxes to specify to which actions the exclusion applies (reading, writing, or executing files)
  4. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions

Web Shield Exclusions

Any exclusions specified here will not be scanned by Web Shield when devices are accessing the internet. This can be used to prevent false positives.

Web Shield's Process exclusions do not accept wildcard characters.

Web Shield exclusions apply to Windows workstations and servers only.

 

To add an exclusion to the Web Shield scan:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the Web Shield tab
  2. Click + Add new exclusion in the desired section:
    • URL addresses
    • MIME-types
    • Processes (these do not accept wildcards)
    • Scripts
    • Mac exclusions list
  1. In the pop-up dialog, enter the details for the exclusion (URL address, MIME-type, path to process, or host name, depending on the selected section)
  2. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions

Mail Shield Exclusions

Any mail servers specified here will not be scanned by Mail Shield during a device scan.

Mail Shield exclusions apply to macOS devices only.

 

To add an exclusion to the Mail Shield scan:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the Mail Shield tab
  2. Click + Add new exclusion
  1. In the pop-up dialog, enter the server URL and mail server services for the exclusion
  2. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions

Behavior Shield Exclusions

Any exclusions specified here will not be scanned by Behavior Shield when devices are running programs and processes. Network share is supported as long as you are using the absolute path to the folder/file.

Behavior Shield does not support inserting wildcards at the beginning or in the middle of a file path (for example, C:\users\*\application.exe). However, you can still use a wildcard at the end of the path (for instance, C:\users\username\*).

Behavior Shield exclusions apply to Windows workstations only.

 

To add an exclusion to the Behavior Shield scan:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the Behavior Shield tab
  2. Click + Add new exclusion
  1. In the pop-up dialog, enter the location of the program you would like to exclude
  2. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions

Sandbox Exclusions

These exclusions will only apply when Sandbox is used to virtualize potentially infected files, and will ensure the specified locations are not brought into the virtualized environment. For example, you can exclude your Downloads folder so that files downloaded from a browser in the virtualized environment are not deleted when you close the browser.

Sandbox exclusion paths do not accept wildcard characters.

Sandbox exclusions apply to Windows workstations and servers only.

 

To add a standard exclusion, i.e. an exclusion that will apply to all scans and shields:

  1. From the Antivirus exclusions section of the policy's Exclusions settings, select the Sanbox tab
  2. Click + Add new exclusion
  1. In the pop-up dialog, enter the location you would like to exclude from virtualization
  2. Click Add new exclusion
  1. Save your changes once you are finished adding exclusions