Exclusions

In the Antimalware > Exclusions section, you can configure the types of exclusions supported by the Bitdefender security agent:

  • In-policy exclusions - These are exclusions defined specifically within the current policy. They are ideal for in-house applications or custom tools tailored to your organization’s needs.

  • Exclusions from configuration profiles - These exclusions are created in the Configuration profiles section and can be added to one or more policies. This allows for centralized management and reuse of exclusion lists across multiple policies.

  • Recommended vendor and product exclusions - These are default exclusions provided by Bitdefender for compatibility with common third-party software. When enabling this option, you can choose which exclusions to apply within the policy.

Antimalware exclusions are to be used in special circumstances, or following Microsoft or Bitdefender recommendations. For Microsoft recommendations, refer to the official documentation.

In-policy exclusions

In-policy antimalware exclusions apply to one or more of the following scanning methods:

  • On-access scanning

  • On-execute scanning

  • On-demand scanning

  • Advanced Threat Control (ATC/IDS)

  • Ransomware Mitigation

Important

  • If you have an EICAR test file that you use periodically to test antimalware protection, you should exclude it from on-access scanning.

  • If using VMware Horizon View 7 and App Volumes AppStacks, refer to this VMware document.

Click the toggle to enable the In-policy exclusions section.

To add an exclusion rule:

  1. Select the exclusion type from the menu:

    • File: only the specified file.

    • Folder: all files and processes inside the specified folder and from all of its subfolders.

    • Extension: all items having the specified extension.

    • Process: any object accessed by the excluded process.

    • File hash: the file with the specified hash. GravityZone supports the SHA-256 hash algorithm.

      Note

      Adding File Hash type exclusions could result in high CPU usage due to the checksum calculations performed.

    • Certificate hash: all the applications and PowerShell scripts (for Windows endpoints) under the specified certificate hash (thumbprint).

    • Threat Name: any item having the detection name (not available for Linux operating systems).

    • Command Line: the specified command line (available only for Windows operating systems).

    Warning

    In agentless VMware environments integrated with NSX, you can exclude only folders and extensions.

  2. Provide the details specific to the selected exclusion type:

    File, Folder or Process

    Enter the path to the item to be excluded from scanning. You have several helpful options to write the path:

    • Declare the path explicitly:

      For example: C:\temp

      To add exclusions for UNC paths, use any of the following syntaxes:

      \\hostName\shareName\filePath

      \\IPaddress\shareName\filePath

      Note

      To accommodate Linux requirements, GravityZone supports up to 4096 characters when defining paths. To apply this limit on Windows, make sure MAX_PATH is set to support this value on the target machines. Learn more in Microsoft documentation.

    • Use the system variables available in the drop-down menu:

      For process exclusions, you must also add the name of the application's executable file.

      For example:

      %ProgramFiles% - excludes the Program Files folder.

      %WINDIR%\system32 – excludes the system32 folder within the Windows folder.

      %SystemDrive% - excludes the drive where the Windows folder was placed, usually drive C:

      Note

      It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.

    • Use wildcards:

      The asterisk (*) substitutes for zero or more characters except path delimiters. The double asterisk (**) substitutes for zero or more characters including path delimiters. The question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.

      For example:

      C:\Test\*.* – excludes all files in the Test folder.

      C:\Test\*.png – excludes all PNG files in the Test folder.

      C:\Test\* - excludes all files in the Test folder.

      **\file.txt - excludes all the files that have the name file.txt, regardless of where these files are located.

      **\my_folder\*\file.txt - excludes all the folders on all levels above my_folder and all subfolders on a single level under my_folder that contain file.txt.

      **\application*.exe - excludes all the files that have the name application and variations of this name followed by one or more characters, regardless of where the files are located.

      C:\MyApp\** - excludes all files and folders in MyApp folder, regardless of the depth level.

      C:\Program Files\WindowsApps\Microsoft.Not??.exe – excludes the Microsoft Notes processes.

    Note

    • The double asterisk (**) can lead to undesired exclusions when misused, therefore we recommend caution.

    • The double asterisk (**) is not available on macOS. On this operating system you can only use the asterisk (*) and the question mark (?) as wildcards.

    Extension

    Enter one or more file extensions to be excluded from scanning, separating them with a semicolon ";". You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.

    Note

    On Linux-based systems, file extensions are case sensitive and the files with the same name but with different extension are considered distinct objects. For example, file.txt is different from file.TXT.

    File hash, Certificate hash, Threat name, or Command line

    Enter the file hash, certificate thumbprint (hash), the exact name of the threat or the command line depending on the exclusion rule. You can use one item per exclusion.

  3. Select the scanning methods to which the rule applies. Some exclusions may be relevant for just one of the scanning modules (On-access scanning, On-demand scanning, ATC/IDS, Ransomware Mitigation), while others may be recommended for all of the modules.

  4. Optionally, add a description.

  5. Click the Add button.

    The new rule will be added to the policy.
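Before saving a wildcard rule, it helps to see how many paths it would actually cover. The following added example (not Bitdefender code) models the wildcard rules stated in step 2 and runs them over constructed sample paths; the function names, the case-insensitive comparison and the choice that ? does not match a path delimiter are assumptions.

```python
import re

# Constructed sample paths; none come from a real endpoint.
SAMPLE_PATHS = [
    r"C:\Test\report.png",
    r"C:\Test\sub\report.png",
    r"C:\MyApp\bin\plugins\loader.dll",
    r"C:\Users\alice\Downloads\file.txt",
    r"D:\share\my_folder\a\file.txt",
    r"D:\share\my_folder\a\b\file.txt",
]

def wildcard_to_regex(pattern):
    """Compile an exclusion pattern using the wildcard rules stated above."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(r".*")        # zero or more chars, delimiters included
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\/]*")   # zero or more chars, no path delimiter
            i += 1
        elif pattern[i] == "?":
            parts.append(r"[^\\/]")    # exactly one char (assumed: no delimiter)
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    # Assumption: whole-path, case-insensitive comparison as on Windows.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def covered(pattern, paths):
    """Return the paths that the pattern would exclude under this model."""
    rx = wildcard_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

if __name__ == "__main__":
    for pat in (r"C:\Test\*.png", r"C:\Test\**", r"**\file.txt",
                r"**\my_folder\*\file.txt", r"C:\MyApp\**"):
        print(f"{pat:28} -> {len(covered(pat, SAMPLE_PATHS))} of "
              f"{len(SAMPLE_PATHS)} sample paths")
```

Feeding it a file listing from a reference machine shows the difference between a single asterisk, which stays inside one folder, and a double asterisk, which reaches every subfolder.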

To edit an exclusion:

  1. Click the More icon in the table.

  2. In the menu, click Edit.

  3. Make the necessary changes.

  4. Click the OK button to save the changes.

    Alternatively, click the Cancel button to discard the changes.

To remove a single exclusion from the list:

  1. Click the More icon in the table.

  2. In the menu, click Delete.

    The exclusion is removed from the table.

To remove multiple exclusions from the list:

  1. Select the checkboxes corresponding to the exclusions you want to delete.

  2. Click the Delete button at the top of the table.

    The exclusions are removed from the table.

Important

On-demand scanning exclusions do NOT apply to contextual scanning. Contextual scanning is initiated by right-clicking a file or folder and selecting Scan with Bitdefender Endpoint Security Tools.

Importing exclusions

You can reuse exclusion rules across multiple policies by importing them.

To import custom exclusions:

  1. Click Import at the top of the table. The Import exclusions window opens.

  2. Click Browse and select the CSV file.

  3. Click Import.

    The table is populated with the valid rules.

    Note

    If the CSV file contains invalid rules, a warning informs you of the corresponding row numbers.

Each row in the CSV file corresponds to a single rule, having the fields in the following order:

<exclusion type>, <object to be excluded>, <modules>

These are the available values for the CSV fields:

  • Exclusion type:

    1, for file exclusions

    2, for folder exclusions

    3, for extension exclusions

    4, for process exclusions

    5, for file hash exclusions

    6, for certificate hash exclusions

    7, for threat name exclusions

    8, for command line exclusions

  • Object to be excluded:

    A path or a file extension

  • Modules:

    1, for on-demand scanning

    2, for on-access scanning

    3, for all modules

    4, for ATC/IDS

    6, for Ransomware Mitigation

For example, a CSV file containing antimalware exclusions may look like this:

1,"d:\\temp",1
2,%WinDir%,3
4,"%WINDIR%\\system32",4

Note

The Windows paths must have the backslash (\) character doubled. For example, %WinDir%\\System32\\LogFiles.
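A pre-import check can catch invalid rows before the console reports them by row number. The following added example (not Bitdefender code) validates rows against the field order and values listed above, enforces the doubled backslash, and flags any path rule that uses the double asterisk for review; the function name, the severity labels and the 64-character hex check for file hash rows are assumptions.

```python
import csv
import io
import re

TYPES = {"1": "file", "2": "folder", "3": "extension", "4": "process",
         "5": "file hash", "6": "certificate hash", "7": "threat name",
         "8": "command line"}
MODULES = {"1": "on-demand", "2": "on-access", "3": "all modules",
           "4": "ATC/IDS", "6": "Ransomware Mitigation"}
PATH_TYPES = {"1", "2", "4"}  # file, folder and process rules take a path

# The three rows shown on this page.
PAGE_ROWS = r'''1,"d:\\temp",1
2,%WinDir%,3
4,"%WINDIR%\\system32",4
'''
# Constructed rows, each with a defect the linter should report.
BAD_ROWS = r'''2,"C:\MyApp\**",3
1,"d:\\logs",5
9,"d:\\logs",1
5,abc123,3
'''

def lint_exclusions(csv_text):
    """Return (row_number, severity, message) tuples for an import file."""
    findings = []
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if len(row) != 3:
            findings.append((n, "error", "expected exactly 3 fields"))
            continue
        kind, obj, module = (field.strip() for field in row)
        if kind not in TYPES:
            findings.append((n, "error", f"unknown exclusion type {kind!r}"))
            continue
        if module not in MODULES:
            findings.append((n, "error", f"unknown module {module!r}"))
            continue
        if kind in PATH_TYPES:
            # Doubled backslashes mean every run of them has even length.
            if any(len(run) % 2 for run in re.findall(r"\\+", obj)):
                findings.append((n, "error", "backslash not doubled"))
            if "**" in obj:
                findings.append((n, "review", "'**' also matches subfolders"))
        # Assumption: a file hash rule carries the SHA-256 digest as hex.
        if kind == "5" and not re.fullmatch(r"[0-9A-Fa-f]{64}", obj):
            findings.append((n, "error", "file hash is not 64 hex characters"))
    return findings

if __name__ == "__main__":
    for finding in lint_exclusions(PAGE_ROWS + BAD_ROWS):
        print(finding)
```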

Exporting exclusions

To export exclusions:

  1. Click Export at the top of the table.

    Note

    The Export button is available only for saved policies. To ensure you export the most recent rules, save the policy after making changes.

  2. In the confirmation window, click Export.

    The exclusions will be saved locally in your default download folder as a CSV file.

Exclusions from configuration profiles

To add exclusions from configuration profiles:

  1. Click the toggle to enable the Exclusions from configuration profiles section.

  2. Select at least one exclusion list and click Apply.

  3. Click the Add button.

Note

For more details on how to create and manage exclusion lists, refer to Configuration profiles.

Vendor and product exclusions

Vendor and product exclusions refer to all recommended exclusions included in the Bitdefender security agent. This option is enabled by default.

Caution

You can disable vendor and product exclusions if you want to scan all types of objects, but doing so will considerably impact machine performance and increase the scan time.

To customize the list of vendor and product exclusions:

  1. Click the Custom button.

  2. Select at least one vendor or product in the drop-down list and click Apply.

  3. Click the Add button.

    Only the selected exclusions will apply to the policy.
