Create Exclusions in WatchGuard Endpoint Security

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

If you do not want WatchGuard Endpoint Security to scan specific files and folders, you create scan exclusions.

Exclusions disable antivirus and advanced protection for the specified files and file paths. We recommend that you only exclude files and paths to resolve performance problems.

Folder Exclusions

Before you apply any exclusions, make sure to follow these rules.

• Exclusions contain the full path and support subfolders and files within the specified path
• Exclusions do not contain mapped drives
• Exclusions to network locations contain the full UNC path
• Wildcards (asterisks and question marks) are not recommended
  • Valid only for Advanced Protection and Antivirus Protection exclusions
  • Use one asterisk per file name and one question mark per character (Windows only)
• User environment variables such as %appdata% are only supported in Advanced Protection exclusions

User variables are user dependent and the path they point to varies depending on which user is logged in to Windows. Systems variables such as %windir% are global and the same to every user account on the Windows computer, regardless of the user logged in to the system.

Examples of correct exclusions:

• Windows

C:\windows\system32

\\192.168.21.23\test

%ProgramFiles%\Test

• Linux

/var/log

/opt/

(exclusions also apply to subdirectories)

Examples of incorrect folder exclusions:

• Windows

Z:\ (where z is a mapped drive)

C:\temp*\

C:\?indows

• Linux

/var/*

/?ar/

File Exclusions

Before you apply any exclusions, make sure to follow these rules.

• Exclusions contain the full path and support subfolders and files within the specified path, except for when using asterisks
• Exclusions do not contain mapped drives
• Exclusions to network locations support full UNC path
• Use of wildcards (asterisks and question marks):
  • Valid for Advanced Protection and Antivirus Protection exclusions
  • Use one asterisk per file name and one question mark per character (Windows only)
  • File paths with asterisks are not supported

Examples of correct file exclusions:

• file*.exe
• C:\data\filename.exe

Examples of incorrect file exclusions:

• C:/data/file*.exe

Create Exclusions

This example excludes files for an individual Windows server. The procedure to exclude files for a workstation or a group of computers is the same. Right-click the appropriate workstation or group in the management UI.

To exclude elements from a scan:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Settings.
3. Select Workstations and servers section and select the profile.
4. In the Edit Settings page, select General.
5. In the Exclusions section, enter exclusions such as:
   • Directories
   • Files
   • Extensions
6. After you enter all exclusions, save the changes.
   These changes will be applied in the next update of the signature file.

To learn about which folders to exclude from antivirus scans in ASP.NET applications, go to the Microsoft article, Folders to exclude from antivirus scanning in ASP.NET applications.

Exclusions in Third-Party Products

If you plan to use WatchGuard Endpoint Security with third-party antivirus software, you must add exclusions in both the third-party product and your WatchGuard Endpoint Security product to make sure that they do not overlap or create false detections.

You should exclude these directories in your antivirus detection software:

%programfiles%\Panda Security

%programfiles(x86)%\Panda Security

%allusersprofile%\Panda Security

Related Topics

Configure Risk Type — Manage Exclusion Impact