Exclude Files and File Paths from Scans

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

Settings vary for WatchGuard Advanced EPDR, EPDR, EDR, EDR Core, and EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all products. If you do not have a setting in the Endpoint Security management UI, it is not supported by your product.

In the General settings of a workstations and servers settings profile, you can exclude files and paths from scans. Exclusions can also be used when you have compatibility or performance issues and want to troubleshoot the issue. Exclusions disable antivirus and advanced protection for the specified files and file paths. We recommend that you only exclude files and paths to resolve performance problems.

To run a unclassified program, such as an uncommon program with few users, you do not have to add an exclusion. To unblock an unclassified program, add it to the Authorized Software list. For more information, go to Configure Authorized Software Settings (Windows Computers).

Add Exclusions to Service Provider Settings

By default, you cannot edit or delete the workstations and servers settings assigned by your Service Provider. If the Service Provider configured scan exclusions to be editable, the setting profile shows the label, Editable Exclusions. You can add exclusions but you cannot delete or edit the list of exclusions defined by the Service Provider.

If your Service Provider changes the status of the settings from editable to non-editable, the exclusions you added no longer apply. Only the exclusions from the Service Provider apply. If the Service Provider changes the configuration again to be editable, then the exclusions you previously added are restored and applied.

Configure Scan Exclusions

Endpoint Security does not block, delete, or disinfect excluded items when it scans for malware. We recommend that you only exclude files and paths to resolve performance problems.

To configure scan exclusions:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Settings.
3. From the left pane, select Workstations and Servers.
4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the page, click Add to create a new profile.
   The Add Settings or Edit Settings page opens.
5. Enter a Name and Description for the profile, if required.
6. Select General.

7. To exclude all files with specific extensions, in the Files and Paths Excluded from Scans section, in the Extensions text box, type file extensions, separated by commas.
   For example, exe, com.
8. To exclude a specific file, in the Files text box, type the file name and path to exclude.
   For example, C:\windows\system32\filename.dll. Separate multiple entries with commas. You can use wildcard characters ? and *.
   • If you do not specify the path to a file, the file is excluded from scans in all folders where it is located. If you specify the path, the file is excluded from scans only in that folder. You cannot use wildcards when specifying the full path to a file.
   • To exclude folders from the antivirus scan, you can use system variables.
   • To exclude folders from the advanced protection module, you can use system and user variables. User variables such as %appdata% are user dependent and the path they point to varies depending on which user is logged in to Windows. Systems variables such as %windir% are global and the same to every user account on the Windows computer, regardless of the user logged in to the system.
9. To exclude all files in a specific location, in the Folders text box, type a folder path.
   For example, C:\windows\system32 , \\192.168.21.23\test, and %ProgramFiles%\Test. You cannot exclude folders using user-created variables.
10. To exclude email attachments with specific file extensions, in the Extensions text box, type the file extensions for an attachment, separated by commas.
    For example, exe.
11. Click Save.
12. Select the profile and assign recipients, if required.
    For more information, go to Assign a Settings Profile.

Related Topics

Create Exclusions in WatchGuard Endpoint Security

Configure Risk Type — Manage Exclusion Impact

Manage Settings Profiles

Copy a Settings Profile

Edit a Settings Profile

Assign a Settings Profile

Configure Workstations and Servers Security Settings