Managing Antimalware Exclusions in GravityZone

Whether you have some custom applications which may be detected as false positives, or just some folders you do not want to scan regularly, you can exclude these from antimalware scanning by defining exclusion rules. Antimalware exclusions apply to on-access and on-demand scanning, and to Advanced Threat Control (ATC/IDS).

The following sections explain how to manage antimalware exclusions.

Types of Exclusions

GravityZone has two sets of exclusions:

  • Built-in Exclusions. These exclusions are enabled by default and included in the Bitdefender security agent. Please note that disabling the built-in exclusions will considerably impact machine performance and increase the scan time.
  • Custom exclusions. You can add exclusions for specific objects which you want the scanning engines to ignore.

You can define exclusions for the following types of target objects:

| Object type | Applicable modules | Description |
|---|---|---|
| File | On-demand scanning, On-access scanning | The specified file is excluded from scanning. |
| Folder | On-demand scanning, On-access scanning | All files inside the specified folder and all of its subfolders are excluded from scanning. |
| Extension | On-demand scanning, On-access scanning | All files having the specified extension are excluded from scanning. |
| Process | On-access scanning, Advanced Threat Control (ATC/IDS) | Any object accessed by the excluded process is also excluded from scanning. |

Important:
  • Scan exclusions are to be used in special circumstances or following Microsoft or Bitdefender recommendations. For an updated list of exclusions recommended by Microsoft, please refer to this Microsoft article. If you have an EICAR test file that you use periodically to test antimalware protection, you should exclude it from on-access scanning.
  • On-demand scanning exclusions do NOT apply to contextual scanning. Contextual scanning is initiated by right-clicking a file or folder and selecting Scan with Bitdefender Endpoint Security Tools.
  • If using VMware Horizon View 7 and App Volumes AppStacks, refer to this VMware document.
  • You can add file, folder or process exclusions using the UNC path syntaxes:
    \\hostName\shareName\objectPath
    \\IPaddress\shareName\objectPath
  • On Linux-based systems, file extensions are case sensitive, and files with the same name but a different extension are considered distinct objects. For example, file.txt is different from file.TXT.

Enabling Custom Exclusions

To enable the antimalware exclusions:

  1. Go to the Policies page.
  2. Open a policy template by adding or editing a policy.
  3. Go to the Antimalware > Settings section.
  4. Select the Custom Exclusions check box.
  5. Add the exclusion rules. For more info, refer to Configuring Custom Exclusions.
  6. Click Save.

Configuring Custom Exclusions

To add a custom exclusion rule:

  1. Go to the Policies page.
  2. Open a policy template by adding or editing a policy.
  3. Go to the Antimalware > Settings section of the policy. Notice the table under the Custom Exclusions section.
  4. Select the type of object to be excluded from the drop-down menu.
  5. Enter the details to identify the object:
    • For files, folders or processes

      Enter the path to the objects to be excluded. For processes, add the application's executable filename.

      It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers. You can select such a predefined location from the drop-down menu.

      For example, to exclude a specific folder from Program Files, select %ProgramFiles% from the menu, add a backslash (\), and then enter the remaining path to your folder.

    • For extensions

      Enter one or more file extensions, separated by semicolons (;). You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.

      Note:
      Before you exclude extensions, check which extensions are commonly targeted by malware.
  6. Select the scanning modules to which the rule should apply. For details on applicability, refer to Types of Exclusions.
  7. Click the Add button at the right side of the table.

To remove a rule from the list, click the associated Delete button.

Exporting Exclusions

If you intend to reuse the exclusion rules in more policies, you can choose to export and import them.

To export custom exclusions to a CSV file:

  1. Go to the Policies page.
  2. Open a policy template by adding or editing a policy.
  3. Go to the Antimalware > Settings > Custom Exclusions section.
  4. Click the Export button.
  5. Save the CSV file to your computer.

Depending on your browser settings, the file may download automatically, or you will be asked to save it to a location.

Each row in the CSV file corresponds to a single rule, having the fields in the following order:

object_type, object_to_be_excluded, modules

These are the available values for the CSV fields:

Object type:

  • 1 - for files
  • 2 - for folders
  • 3 - for extensions
  • 4 - for processes

Object to be excluded:

  • Full path to file or application executable, including filename
  • Path to folder
  • File extension

Modules:

  • 1 - for on-demand scanning
  • 2 - for on-access scanning
  • 3 - for all modules
  • 4 - for ATC/IDS

For example, a CSV file containing antimalware exclusions may look like this:

1,"d:\\temp",1
1,%WinDir%,3
4,"%WINDIR%\\system32",4

Important:
For Windows paths, you must enter the backslash (\) character twice. For example: %WinDir%\\System32\\LogFiles
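
An exported exclusions file can be reviewed offline before it is imported into other policies. The following audit script is an added example, not Bitdefender code: it checks each row against the field values, the backslash rule and the applicability table given in this article. The names `audit`, `APPLIES` and `RISKY_EXT` are hypothetical, the extension review list is constructed, and accepting "all modules" for every object type is an assumption.

```python
import csv
import io
import re

# Field values as documented in this article.
OBJECT_TYPES = {"1": "file", "2": "folder", "3": "extension", "4": "process"}
MODULES = {"1": "on-demand", "2": "on-access", "3": "all modules", "4": "ATC/IDS"}
# Applicability per the "Types of Exclusions" table; accepting module 3
# ("all modules") for every object type is an assumption of this example.
APPLIES = {"file": {"1", "2", "3"}, "folder": {"1", "2", "3"},
           "extension": {"1", "2", "3"}, "process": {"2", "3", "4"}}
# Constructed review list for extension rules, not a Bitdefender list.
RISKY_EXT = {"exe", "dll", "js", "vbs", "ps1", "bat", "scr"}

def audit(csv_text):
    """Return (row_number, message) findings for an exclusions CSV."""
    findings = []
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if len(row) != 3:
            findings.append((n, "expected 3 fields"))
            continue
        otype, target, module = (f.strip() for f in row)
        kind = OBJECT_TYPES.get(otype)
        if kind is None or module not in MODULES:
            findings.append((n, "unknown object_type or modules value"))
            continue
        if module not in APPLIES[kind]:
            findings.append((n, f"{MODULES[module]} does not apply to {kind} rules"))
        if kind == "extension":
            exts = {e.strip().lstrip(".").lower() for e in target.split(";")}
            for ext in sorted(exts & RISKY_EXT):
                findings.append((n, f"review extension exclusion: {ext}"))
        elif any(len(run) % 2 for run in re.findall(r"\\+", target)):
            # Every run of backslashes must have even length (each one doubled).
            findings.append((n, "backslash not doubled in path"))
    return findings

# Constructed sample: rows 1-3 are this article's example, rows 4-7 are made up.
SAMPLE = r'''1,"d:\\temp",1
1,%WinDir%,3
4,"%WINDIR%\\system32",4
2,"%ProgramFiles%\MyApp",2
3,log;.EXE,1
4,"c:\\tools\\build.exe",1
5,"d:\\data",1
'''

if __name__ == "__main__":
    for row_number, message in audit(SAMPLE):
        print(f"row {row_number}: {message}")
```
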

Importing Exclusions

To import custom exclusions from a CSV file:

  1. Go to the Policies page.
  2. Open a policy template by adding or editing a policy.
  3. Go to the Antimalware > Settings > Custom Exclusions section.
  4. Click Import.
    The Import Policy Exclusions window opens.
  5. Click Add and then select the CSV file.
  6. Click Save.
    The table is populated with the valid rules. If the CSV file contains invalid rules, a warning informs you of the corresponding row numbers.

Overriding Exclusions

You can run scan tasks with a different set of exclusions from the general ones defined in the Antimalware > Settings policy section. These exclusions apply only to on-demand scanning.

  1. Open the custom scan task configuration window:
    • For instant scan tasks (runs once)
      1. Go to the Network page.
      2. Select the target endpoints.
      3. Click the Tasks button in the Action Toolbar and select Scan.
      4. In the General tab, select Custom scan.
    • For scheduled scan tasks
      1. Go to the Policies page.
      2. Open the policy template assigned to your target endpoint.
      3. Go to the Antimalware > On-demand section.
      4. Click Add, and then select Custom. If you already have a task created, select the task from the list.
  2. Configure the other available settings. For details, refer to Managing Network Objects > Computers > Running Tasks > Scan section of the GravityZone Administrator's Guide.
  3. In the Target tab > Exclusions section, choose the option Define custom exclusions for this scan.
  4. Add the exclusion rules. For more info, refer to Configuring Custom Exclusions.
  5. Click Save to add the exclusion rule.
  6. Click Save once more to save the policy.
