Protection Policy: Exclusions
There may be legitimate files, folders and processes detected by Managed Antivirus scans as a threat. To ignore these files when scanning, add the files to the Exceptions list. For visibility the window displays the Exception Type (File / Process, Folder, File Extension) along with the entered Value.
Where configured, exclusions are applied to File, On-Access and On-Demand scans including Quick and Deep scans. Only process exclusions apply to Behavioral scans.
Bitdefender partners with Microsoft to create smart exclusions based on Microsoft recommendations. These smart exclusions are automatically included in the background for each Protection Policy (so do not appear in the Exclusions list) and are applied by the Bitdefender engine according to the scanned device’s Operating System.
As such when using the Bitdefender engine there is no requirement to create individual Protection Policies to scan different Operating System types, unless these policies are to include custom exclusions or settings that only apply to specific Operating systems.
Wildcard Characters
Managed Antivirus supports the use of both environmental variables and wildcard characters in exclusions for paths, threat-names, hashes and certificates.
Wildcards in the following character set are supported:
? # & ; @ * + ^
Support for wildcard characters was introduced in the Managed Antivirus (Bitdefender) engine released on 25th February 2020.
System Variables
File / Process and Folder Exceptions support Windows environmental variables, for example %PROGRAMFILES%
, %WinDir%
, etc.
You can add file, folder or process exclusions using the following UNC path syntaxes:
\\hostName\shareName\objectPath \\IPaddress\shareName\objectPath
The Windows Managed Antivirus Master Services runs under the Local System Account. Any Bitdefender exclusions based on system variables, including %APPDATA%
and %LOCALAPPDATA%
are only applied to files where a user is logged into the computer at the time of the scan.
System variables are only supported at the beginning of the path, they cannot be added later in the path sequence. For example, to exclude a specific folder from Program Files, enter:
%ProgramFiles%\Folder1\File.exe
not C:\Users\Someone\%LOCALAPPDATA%\Folder1\File.exe
Exclusions - Supported Windows System Variables contains a list of the more commonly used and supported Windows system variables.
Adding an Exclusion
Exclusions prevent Managed Antivirus from scanning the entered exceptions. To prevent the introduction of a potential security vulnerability, we suggest that you check the planned exclusion to make sure it is not one commonly targeted by malware.
- Click Add
- Select the Exception Type from the drop-down
- Populate the exception field
- Save to store the exclusion
Exception Type | Note |
---|---|
File / Process |
To exclude a file or process from scans enter its full path. |
Folder |
To exclude a folder (and all its contents) from scans enter its full path. |
File Extension |
To exclude a file extension from scans enter its extension. e.g. jpg, txt, avi, png |
Multiple Copies of a file across User profiles
To exclude all versions of a file where there are multiple copies across different user's profiles, either:
- Create exclusions containing the user's name for each instance of the file
- Submit a support request to analyze and add the file to the system allow-list.
Windows 10 - Case Sensitive Folders
Configurable on a per-folder basis. Windows 10 April 2018 Update (version 1803) introduced case sensitivity. When adding an exclusion involving a case sensitive folder. The entered path must precisely match the file and folder case. Where the exclusion is not a precise match, Managed Antivirus is unable to exclude this folder or file and includes it in the scan. Further information is available from Windows 10: Case sensitive file and folder names.
Remove an Exclusion
- Highlight the entry in the list of exclusions
- Click the Remove button
Edit an Exclusion
- Highlight the entry in the list of exclusions
- Click the Edit button
- Amend the exclusion as needed
- Click Save to apply
What do you want to do?
- Review the Managed Antivirus Quick Start Guide
- View Managed Antivirus URLs
- Enable Managed Antivirus on individual servers and workstations or on all servers and workstations at a client or site