
Creating exclusions for Advanced EPDR/EDR

Related Products
  • Advanced EPDR
  • Advanced EDR

Situation

You need to exclude files and/or folders from scanning in Advanced EPDR/EDR.

WARNING! Using file and path exclusions prevents certain items or areas on the computer from being scanned, and unknown software won’t be prevented from running. This could represent a security hole, so exclusions are not recommended except where there are problems with the computer’s performance. We recommend that you use the Authorized Software feature to configure safe exclusions.

Preliminary steps

Before applying any exclusion for the permanent protection, ensure the following statements are true:

  • Folder exclusions:
    • Exclusions CONTAIN full path.
    • Exclusions DO NOT CONTAIN mapped drives.
    • Exclusions to network locations CONTAIN full UNC path.
    • User environment and system variables are supported for Advanced Protection exclusions. System environment variables are supported for Antivirus exclusions. Variables created by the user are not supported.
    • Wildcards (asterisks and question marks) are NOT supported.

Examples of CORRECT folder exclusions:

C:\windows\system32
\\192.168.21.23\test
%ProgramFiles%\Test

Examples of INCORRECT folder exclusions:

Z:\ (where Z is a mapped drive)
C:\temp*\
C:\?indows

  • File exclusions:
    • Exclusions CONTAIN full path.
    • Exclusions DO NOT CONTAIN mapped drives.
    • Exclusions to network locations CONTAIN full UNC path.
    • Use of wildcards (asterisks and question marks):
      • Valid for Advanced Protection and Antivirus Protection exclusions.
      • Use one asterisk per file name and one question mark per character.
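
As an added example (not Cytomic's code and not part of the original article), the Python functions below check exclusion entries against the rules listed above before they are entered in the console. The function names, the `mapped_drives` parameter and the reading of "one asterisk per file name" as at most one asterisk in the last path component are assumptions.

```python
import re

# Accepted roots, per the "Preliminary steps" rules: drive path, UNC path, %VARIABLE%.
DRIVE = re.compile(r"^[A-Za-z]:\\")
UNC = re.compile(r"^\\\\[^\\]+\\[^\\]+")
VARIABLE = re.compile(r"^%[^%\\]+%(\\|$)")

def check_exclusion(entry, kind, mapped_drives=frozenset()):
    """Return the rule violations for one exclusion entry (empty list = OK).

    kind is "folder" or "file"; mapped_drives holds the drive letters that
    are network mappings on the target machine (supplied by the caller).
    """
    problems = []
    on_drive = DRIVE.match(entry)
    if not (on_drive or UNC.match(entry) or VARIABLE.match(entry)):
        problems.append("not a full path")
    if on_drive and entry[0].upper() in {d.upper() for d in mapped_drives}:
        problems.append("mapped drive: use the full UNC path")
    if kind == "folder":
        if "*" in entry or "?" in entry:
            problems.append("wildcards are not supported for folders")
    elif entry.rpartition("\\")[2].count("*") > 1:
        # Assumed reading of "one asterisk per file name": at most one
        # asterisk in the last path component.
        problems.append("more than one asterisk in the file name")
    return problems

def audit(entries, mapped_drives=frozenset()):
    """Map each rejected (entry, kind) pair to its list of violations."""
    results = {e: check_exclusion(e[0], e[1], mapped_drives) for e in entries}
    return {e: p for e, p in results.items() if p}

# The article's own folder examples plus constructed file entries.
SAMPLES = [
    ("C:\\windows\\system32", "folder"),
    ("\\\\192.168.21.23\\test", "folder"),
    ("%ProgramFiles%\\Test", "folder"),
    ("Z:\\", "folder"),
    ("C:\\temp*\\", "folder"),
    ("C:\\?indows", "folder"),
    ("C:\\app\\log*.tmp", "file"),        # constructed
    ("C:\\app\\*log*.tmp", "file"),       # constructed
]

if __name__ == "__main__":
    for key, problems in audit(SAMPLES, mapped_drives={"Z"}).items():
        print(key, "->", "; ".join(problems))
```

The check cannot tell a user-created variable from a supported one, so entries that start with a `%VARIABLE%` still need a manual look.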

Solution

Follow the instructions below in order to exclude elements from the scan:

NOTE: The example below covers excluding files for an individual Windows server, but the procedure to exclude files for a workstation or a group of machines is the same. Just right-click on the appropriate container in the console.

  1. Access the Web Console.
  2. In the Settings tab, Workstations and servers section, select the profile that you want.
  3. Once in the Edit settings screen, select the General option and go to Exclusions.
  4. In the Exclusions section, enter any needed exclusions, such as:
    • Directories
    • Files
    • Extensions
  5. Once all exclusions have been included, save the changes. These changes will be applied in the next update of the signature file.
    If you use ASP.net applications, find out which folders to exclude from the antivirus scan by reading the MSDN (Microsoft Development Network) article called ASP.net Anti-virus Exclusion List. For additional information on the latest Microsoft exclusions, you can periodically review the Microsoft Anti-Virus Exclusion List page available on Microsoft’s TechNet Wiki.