How to create exclusions with products based on Aether Platform

Information applies to:

Situation

You need to exclude files and/or folders from scanning in products based on Aether Platform.

WARNING! Using file and path exclusions prevents certain items or areas on the computer from being scanned. Unknown software won't be prevented from running. This, however, could represent a security hole and is not recommended for use except where there are problems with the computer's performance. We recommend that you use the Authorized Software feature to configure safe exclusions.

Preliminary steps

• Folder exclusions:
  • Exclusions support full path.
  • Exclusions do not support mapped drives.
  • Exclusions to network locations support full UNC path.
  • User and system environment variables are supported for Advanced Protection. System environment variables are supported for Antivirus protection. Note that variables created by the user are not supported.
  • Wildcards (asterisks and question marks) are not supported.
    
    Examples of correct folder exclusions:
    • Windows
      
      C:\windows\system32
      \\192.168.21.23\test
      %ProgramFiles%\Test
    • Linux
      /var/log
      /opt/
      (it excludes folders recursively, that is, scan exclusions will be applied to subdirectories as well.)

Examples of incorrect folder exclusions Windows:

Z:\ (where z is a mapped drive)
C:\temp*\
C:\?indows

Examples of incorrect folder exclusions Linux:

/var/*
/?ar/

• File exclusions:
  • Exclusions support full path, except for when using asterisks (see examples below).
  • Exclusions do not support mapped drives.
  • Exclusions to network locations support full UNC path.
  • Use of wildcards (asterisks and question marks):
    • Supported from version 3.61.00, although, for security reasons, we don't recommend its use.
    • Valid for Advanced Protection and Antivirus Protection exclusions.
    • Use one asterisk per file name and one question mark per character (Only for Windows).
    • File paths when using asterisks not supported.
      
      Examples of correct use:
      
      file*.exe
      C:\data\filename.exe
      
      Examples of incorrect use:
      
      C:/data/file*.exe

Solution

Follow the instructions below in order to exclude elements from the scan:

NOTE: The example below covers excluding files for an individual Windows server, but the procedure to exclude files for a workstation or a group of machines is the same. Just right click on the appropriate container in the console.

1. Access the Web Console.
2. In the Settings tab, Workstations and servers section, select the profile that you want.
3. Once in the Edit settings screen, select General option and go to Exclusions.
4. On the Exclusions section enter any needed exclusions, such as:
   • Directories
   • Files
   • Extensions
5. Once all exclusions have been included, save the changes. These changes will be applied in the next update of the signature file.
   
   
   In the case of using ASP.net applications, find out which folders to exclude from the antivirus scan by reading the MSDN (Microsoft Development Network) article called ASP.net Anti-virus Exclusion List.
   
   For additional information on the latest Microsoft exclusions, you can periodically review the Microsoft Anti-Virus Exclusion List page available in Microsoft's TechNet Wiki page.