How to Configure Exclusions for Security Manager - AV Defender

Last Modified

Tue Jun 16 08:49 GMT 2020

Description

  • This article provides information on configuring AV Defender exclusions
  • When planning system scans, exclusions should be added to folders, processes, and paths for programs that you do not want to be scanned
  • You can configure AV Defender to exclude folders, files, and file types from the On Access, On Demand, or Scheduled scans.

Environment

  • N-able N-central
  • AV Defender

Solution

  • AV Defender exclusions can be defined at three levels:
    • SO Level > Configuration > Security Manager > Global Exclusions
    • Customer Level > Configuration > Security Manager > Global Exclusions
    • AV Defender Profile > General Settings > Exclusions
  • Within the process section you can define exclusions for processes.
  • To exclude a process, the path and process name should be explicitly defined with no wildcards (but you CAN use environment variables here):
    • For example: C:\Program Files\process.exe
    • When creating a process exclusion you will also need to create a file exclusion for the same file.
  • Within the File/Folder section you can define exclusions for files, folders and file extensions.
  • To exclude a file, the full path should be provided:
    • For example: C:\Users\Administrator\Documents\file.txt.
  • To exclude a folder, the full path should be provided including its trailing backslash.
  • Doing so would exclude all files in the folder and sub-folders:
    • For example: C:\Users\Administrator\Documents\
  • To exclude an extension, there should be no preceding dots or period and the exclusion should be separated from each extension:
    • For example: xlsm or docm.
  • Within the Network Scan section you can define exclusions for IPs, URL and Applications.
  • To exclude an IP, enter in the desired IP address, which also supports wildcards:
    • For example: 192.168.0.*
  • To exclude a URL enter in the url including the correct protocol i.e. http/https.
  • Wildcards are supported, which are recommended as some sites have re-directs which you will also need to exclude:
    • For example: https://*n-able.com/*
  • To exclude an application you can use wildcards so it's not required to use the path.
    • This only works with the firewall module
  • Each exclusion can only include one item - you cannot concatenate multiple items in the same exclusion.
  • Exclusions can be enable or disabled under the Agent Attempted Action and you cannot delete defaults.
  • SO Global Exclusions cannot be enabled or disabled under the customer level global exclusions.
  • Exclusions for UNC Paths (\\server\folder\) must be added in two places:
    • File/Folder tab (as type of Folder)
    • Network Scan tab (as type of URL, and with a trailing asterisk (eg: \\server\folder\*))
    • While not necessarily a requirement, it's a good idea to ensure that the server is designated as a static IP to help rule out any DNS issues when AV Defender attempts to validate the path prior to applying the exclusion
As of N-able N-central 12.1, there is a limit of 1024 exclusions, and any above that count will be ignored. They are presented to AV Defender from the agent starting with System level exclusions, then SO, then customer, then site. After those are presented, the profile-based exclusions are presented. For more information on this limitation, please refer to https://secure.n-able.com/webhelp/NC_12-1-0_en/Content/AVDefender/AVDefender__Config_GlobalExclusions.htm