This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Configuring Antivirus Exclusions

This Article Applies to:

  • Avast Business On-Premise Console

 

Through your On-Premise Console policies, you can exclude specified files, folders, or websites from being scanned by Antivirus if needed. Configuring standard and component-specific exclusions can speed up scans and prevent false-positive detections.

Exclusions are limited to approximately 8000 characters across both standard (All Scans and Shields) and component-specific (File Shield, Web Shield, etc) exclusions. Therefore, we recommend minimizing exclusions where possible to prevent any security flaws and/or impact on system performance.

Wildcards can be used when configuring exclusions. Note, however, that Sandbox, Behavior Shield, and Web Shield have certain limitations when it comes to the use of wildcards. For more info, see respective sections below.

Configuring Standard Exclusions

You can configure exclusions (called exceptions in the local UI) that will propagate across all of the various Antivirus shields and components in the Antivirus Settings tab of your console, within a selected policy.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes.

Standard exclusions apply to Windows workstations and servers only.

 

To add a standard exclusion, i.e. an exclusion that will apply to all scans and shields:

  1. Open the desired policy
  2. Select Windows Workstation or Windows Server, then navigate to the Antivirus settings tab
  3. In the Exclusions section, enter the desired exclusion, ensuring the correct tab is selected:
    • File paths: Exclude specified file paths from virus scans and shield protection
    • URL addresses: Exclude specified URLs from virus scans and shield protection
    • DeepScreen: Exclude specified executable files from DeepScreen checks
    • Hardened mode: Exclude specified executable files from Hardened Mode checks
  4. Click Add next to your entry

Configuring Component-Specific Exclusions

Many of the customizable Antivirus components have a dedicated tab for configuring exclusions that will only affect that particular component. The process of creating specific exclusions is similar for most shields and components.

File Shield Exclusions

Any exclusions specified here will not be scanned by File Shield during a device scan. This can be used to speed up your scan for locations you know are safe or to prevent false positives.

To add an exclusion to the File Shield scans:

  1. Open the desired policy
  2. Select the OS, then navigate to the Active protection tab
  3. Click Customize next to File Shield
  1. Select the Exclusions tab
  2. In the Enter path field, specify the file path you would like to exclude
  3. Use the checkboxes on the left to specify when the exclusion applies — when the file is Read, Written, and/or Executed
  4. Click Add next to your entry

Behavior Shield Exclusions

Any exclusions specified here will not be scanned by Behavior Shield when devices are running programs and processes. Network share is supported as long as you are using the absolute path to the folder/file.

Behavior Shield does not support inserting wildcards at the beginning or in the middle of a file path (for example, C:\users\*\application.exe). However, you can still use a wildcard at the end of the path (for instance, C:\users\username\*).

Behavior Shield exclusions apply to Windows workstations only.

 

To add an exclusion to the Behavior Shield scans:

  1. Open the desired policy
  2. Select Windows Workstation, then navigate to the Active protection tab
  3. Click Customize next to Behavior Shield
  1. In the Exclusions section, enter the location you would like to exclude
  2. Click Add next to your entry

Mail Shield Exclusions

Any mail servers specified here will not be scanned by Mail Shield during a device scan.

Mail Shield exclusions apply to macOS devices only.

 

To add an exclusion to the Mail Shield scan:

  1. Open the desired policy
  2. Select Mac OS X, then navigate to the Active protection tab
  3. Click Customize next to Mail Shield
  1. From the Select service drop-down menu at the top of the Exclusion list, choose between imap, imaps, pop3, and pop3s protocols
  2. In the Enter the host name field, specify the domain you would like to exclude
  3. Click Add next to your entry

Web Shield Exclusions

Any exclusions specified here will not be scanned by Web Shield when devices are accessing the internet. This can be used to prevent false positives.

Web Shield's Process exclusions do not accept wildcard characters.

Windows

To add an exclusion to the Web Shield scans run on Windows devices:

  1. Open the desired policy
  2. Select Windows Workstation or Windows Server, then navigate to the Active protection tab
  3. Click Customize next to Web Shield
  1. Select the Exclusions tab
  2. Do one of the following based on the type of exclusion you would like to create:
    • For URLs, ensure the Enable checkbox is ticked, then enter the URL you would like to exclude in the URL address field
    • For MIME-types, ensure the Enable checkbox is ticked, then enter the MIME-type you would like to exclude in the MIME-type field
    • For processes, ensure the Enable checkbox is ticked, then enter the process path in the Path to process field (these do not accept wildcards)
  3. Click Add next to your entry

macOS

To add an exclusion to the Web Shield scans run on macOS devices:

  1. Open the desired policy
  2. Select Mac OS X, then navigate to the Active protection tab
  3. Click Customize next to Web Shield
  1. From the Select service drop-down menu at the top of the Exclusion list, choose between http and https protocols
  2. In the Enter the host name field, specify the domain you would like to exclude
  3. Click Add next to your entry

Sandbox Exclusions

These exclusions will only apply when Sandbox is used to virtualize potentially infected files, and will ensure the specified locations are not brought into the virtualized environment. For example, you can exclude your Downloads folder so that files downloaded from a browser in the virtualized environment are not deleted when you close the browser.

Sandbox exclusion paths do not accept wildcard characters.

Sandbox exclusions apply to Windows workstations and servers only.

 

To add a Sandbox exclusion:

  1. Open the desired policy
  2. Select Windows Workstation or Windows Server, then navigate to the Active protection tab
  3. Click Customize next to Sandbox
  1. Select the Exclusions tab
  2. In the Enter exact location path to be excluded field, enter the location you would like to exclude
  3. Click Add next to your entry