Global Exclusions
Exclusions can apply to on-access and on-demand scanning. Based on the object of the exclusion, there are a number of different types of exclusions.
For information on creating exclusions for scans, see Configure Global Exclusions.
Windows 10 offers an optional case-sensitive file system. How the Windows device is configured can affect how you enter the search criteria in the search field on the Global Exclusions page.
Process
This excludes the security scanning of the image in memory and the action of the process. These are the most common exclusions that you will use with AV Defender. They are typically used when troubleshooting application conflicts, performance issues, and application performance issues. You can also configure process exclusions for on-access scanning, Active Virus Control, and Intrusion Detection Systems.
When configuring a process exclusion, only full file paths with an extension are valid. You can also include environment variables that appear in the drop-down menu when specifying a path for exclusion. Custom environment variables are not supported.
If you exclude a process, its actions are also excluded, however the actions of its "children" are not. For example, if iexplore.exe is excluded and it runs virus.exe, AV Defender will not scan the virus.exe file when it runs. However, if virus.exe then attempts to execute killmypc.exe, AV Defender will scan it and catches it if it is malicious.
There is no limit to the number of process that can be excluded.
File/Folder
This excludes the file image from being scanned. You should only configure this in circumstances where the scanning itself is causing issues or if removal from the files can be damaging. Example exclusions include:
- File: Only the specified file is excluded from security scanning.
- Folder: All files in a specified folder and all of its subfolders are excluded from security scanning.
- Extension: All files with the specified extension are excluded from security scanning.
Examples of using File/Folder exclusions include backup destination locations, database files and PST or OST files.
Network
This excludes all network-level filtering from security scanning including antivirus and anti-malware scanning of TCP traffic, content filtering by category, anti-phishing, and search advisors/browser toolbars. Use Network exclusions to troubleshoot issues with any network centered application including:
- Being unable to access server applications.
- Being unable to connect to network resources.
- Being unable to connect to the Internet.
- Web pages not functioning as expected.
Use scan exclusions in special circumstances or following Microsoft or Bitdefender recommendations. When configuring exclusions, note that N-able N-central does not support the use of wildcard characters for excluding files and file types. If you have an EICAR test file that you use periodically to test anti-malware protection, exclude it from on-access scanning.
Best practice
For the best results, use the exclusion type that accomplishes specific goals:
- Process: Used to resolve application conflicts, performance issues, and reduce impact on key business applications.
- File/Folder - Used to avoid false positive errors or for heavy traffic folders, such as backup destinations.
- Network: Used to exclude a web site from being scanned. Exclusions will apply to all modules.
To avoid false positives, exclude the following MSPA executables from the C:\ProgramData\GetSupportService_N-Central\Updates\ folder:
- MSPA4NCentral-6.77.77-BUILD-20161219-B-20161221163111.exe
- MSPA4NCentral-6.80.00-BUILD-20170120-C-20170130181221.exe
- MSPA4NCentral-6.80.01-BUILD-20170131-20170131113836.exe
- MSPA4NCentral-6.80.10-BUILD-20170405-20170410160818.exe
- MSPA4NCentral-6.80.17-BUILD-20170801-20170810174900.exe
- Update_20161213081614.exe
- Update_20170321174328.exe
- Update_20170525043038.exe
- Update_20170621174604.exe
- Update_20171117142950.exe
- Update_20180302141746.exe
- Update_20180730120602.exe
Also exclude the following folders and files
- C:\Program Files (x86)\N-able Technologies\Reactive\bin\
- C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableCommandPromptManager32.exe
- C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableCommandPromptManager64.exe
- C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe
- C:\Program Files (x86)\msp-agent\
- C:\ProgramData\mspagent\
If you are using MSPAnywhere/Take Control, add these exclusions:
- C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\
- C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe
- C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcCnfg.exe
Patch Manager Engine exclusions for third party AV software
N-able N-central software (agents and probes) must be excluded from third party antivirus scans in order to function properly.
N-able recommends that you add the following path to the list of exclusions from security scans:
Folders
- <install path>\N-able Technologies\
- %Programfiles(x86)%\MspPlatform\PME
- %Programfiles(x86)%\MspPlatform\FileCacheServiceAgent
- %Programfiles(x86)%\MspPlatform\RequestHandlerAgent
- %ProgramData%\MspPlatform
- %Programfiles(x86)%\BeAnywhere Support Express
- %Programfiles(x86)%\N-able Technologies\Windows Agent
- %Programfiles(x86)%\N-able Technologies\Ecosystem Agent
Files
- %Programfiles(x86)%\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe
- %Programfiles(x86)%\MspPlatform\PME\ThirdPartyPatch\7z.exe
- %Programfiles(x86)%\MspPlatform\PME\ThirdPartyPatch\ThirdPartyPatch.exe
- %Programfiles(x86)%\MspPlatform\PME\Installers\CacheServiceSetup.exe
- %Programfiles(x86)%\MspPlatform\PME\Installers\RPCServerServiceSetup.exe
- %Programfiles(x86)%\MspPlatform\PME\Diagnostics\PME.Diagnostics.exe
- %Programfiles (x86)\MspPlatform\PME\PME.Agent.exe
- %Programfiles(x86)%\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe
-
%Programfiles(x86)%\N-able Technologies\Windows Agent\bin\Agent.exe
-
%Programfiles(x86)%\MspPlatform\PME\Installers\FileCacheServiceAgentSetup.exe
-
%Programfiles(x86)%\MspPlatform\PME\Installers\RequestHandlerAgentSetup.exe
This is not required for security solutions integrated with N-able N-central; for example, AV Defender.
Your firewall must be not blocking following communication channels:
HTTP and HTTPS communication (port 80 and port 443) between the FileCacheServiceAgent windows service (%Programfiles(x86)%\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe) and the sis.n-able.com server.
If you use probe, then firewall must not block communication between the FileCacheServiceAgent windows service and the Probe machine on port 15000.
Expandable variables
Expandable variables are applied for File Scan, Quick and Full scans and on the Behavioral Scan module. The exclusions are expanded at run time, so that filters use the list of exclusions already expanded and normalized.
| Variable | Folder Id |
|---|---|
| %windir% | FOLDERID_Windows |
| %system% | FOLDERID_System |
| %system(x86)% | FOLDERID_SystemX86 |
| %programfiles% | FOLDERID_ProgramFiles |
| %programfiles(x86)% | FOLDERID_ProgramFilesX86 |
| %commonprogramfiles% | FOLDERID_ProgramFilesCommon |
| %commonprogramfiles(x86)% | FOLDERID_ProgramFilesCommonX86 |
| %commonappdata% | FOLDERID_ProgramData |
| %programdata% | FOLDERID_ProgramData |
| %allusersprofile% | FOLDERID_ProgramData |
| %commondocuments% | FOLDERID_PublicDocuments |
| %commondesktop% | FOLDERID_PublicDesktop |
| %commonmusic% | FOLDERID_PublicMusic |
| %commonvideo% | FOLDERID_PublicVideos |
| %commonpictures% | FOLDERID_PublicPictures |
| %userprofile% | FOLDERID_Profile |
| %appdata% | FOLDERID_RoamingAppData |
| %localappdata% | FOLDERID_LocalAppData |
| %mydocuments% | FOLDERID_Documents |
| %desktop% | FOLDERID_Desktop |
| %mymusic% | FOLDERID_Music |
| %myvideo% | FOLDERID_Videos |
| %mypictures% | FOLDERID_Pictures |
Pre-configured Exclusions
By default, AV Defender includes preconfigured exclusions following guidelines provided by N-able N-central and Microsoft. These preconfigured exclusions are embedded in AV Defender and are not subject to user modification. Files are located in the associated N-able Technologies agent/probe folders on the device or server.
Windows agent exclusions
| agent.exe | NAAgentImplServer.exe |
| AgentMaint.exe | NableAVDBridge.exe |
| AgentMonitor.exe | NableAVDUSBridge.exe |
| AVDIU.exe | NRMInstallHelper.exe |
| BASupTSHelper.exe | PIU.exe |
| bitsadmin.exe | Popup.exe |
| ESCleaner.exe | ProxyConfig.exe |
| KillWTSMessageBox.exe | RebootMessage.exe |
Windows probe exclusions
| AMTPowerManager.exe | VmWareClient.exe |
| NableUpdateDiagnose.exe | wsp.exe |
| NableUpdateService.exe | WSPMaint.exe |
| RemoteService.exe | WSPMonitor.exe |
Other
- NableAVDBridge.exe
- NableAVDUSBridge.exe
- ThirdPartyPatch.exe
- BASupApp.exe
Backup Manager exclusions
Files are located in the associated Backup Manager folders on the device or server.
| BackupIP.exe | mysql.exe |
| BRMigrationTool.exe | InstallDriver.exe |
| ClientTool.exe | vddkReporter.exe |
| VdrAgent.exe | vmware-vdiskmanager.exe |
| BackupUP.exe | BackupFP.exe |
| ProcessController.exe | BackupUP.exe |
| BackupFP.exe | BackupIP.exe |
| xtrabackup.exe | vmware-mount.exe |
| vmware-mount.exe | vmware-vdiskmanager.exe |