> Security Manager > Global Exclusions

Global Exclusions

Exclusions can apply to on-access scanning and on-demand scanning. Based on the object of the exclusion, there are a number of different types of exclusions.

Process

Excludes security scanning of the image in memory and the action of the process. These are the most common exclusions that you will use with AV Defender. They are typically used when troubleshooting application conflicts, performance issues, and application performance issues. You can also configure process exclusions for on-access scanning, Active Virus Control, and Intrusion Detection Systems.

If you exclude a process, its actions are also excluded, however the actions of its "children" are not. For example, if iexplore.exe is excluded and it runs virus.exe, AV Defender will not scan the virus.exe file when it runs. However, if virus.exe then attempts to execute killmypc.exe, AV Defender will scan it and catches it if it is malicious.

File/Folder

Excludes the file image from being scanned. You should only configure this in circumstances where the scanning itself is causing issues or if removal from the files can be damaging. Example exclusions include:

  • File: Only the specified file is excluded from security scanning.
  • Folder: All files in a specified folder and all of its subfolders are excluded from security scanning.
  • Extension: All files with the specified extension are excluded from security scanning.

Examples of using File/Folder exclusions would be to exclude a backup destination location as the high I/O rate of backup software could be impacted by scanning during a write operation, or to exclude database files as packaged database files can become corrupted if cleaning is attempted.

Network

Excludes all network-level filtering from security scanning including antivirus and anti-malware scanning of TCP traffic, content filtering by category, anti-phishing, and search advisors/browser toolbars. Use Network exclusions to troubleshoot issues with any network centered application including:

  • Being unable to access server applications.
  • Being unable to connect to network resources.
  • Being unable to connect to the Internet.
  • Web pages not functioning as expected.

Use scan exclusions in special circumstances or following Microsoft or Bitdefender recommendations. When configuring exclusions, note that MSP N-central does not support the use of wildcard characters for excluding files and file types. If you have an EICAR test file that you use periodically to test anti-malware protection, exclude it from on-access scanning.

Best Practice

For the best results, use the exclusion type that accomplishes specific goals:

  • Process: Used to resolve application conflicts, performance issues, and reduce impact on key business applications.
  • File/Folder - Used to avoid false positive errors or for heavy traffic folders, such as backup destinations.
  • Network: Used to exclude a web site from being scanned. Exclusions will apply to all modules.

Pre-configured Exclusions

By default, AV Defender includes preconfigured exclusions following guidelines provided by MSP N-central and Microsoft. These preconfigured exclusions are embedded in AV Defender and are not subject to user modification.

The preconfigured exclusions that follow Microsoft guidelines are described at http://support.microsoft.com/kb/822158.

The MSP N-central preconfigured exclusions include:

Excluded Applications Association
agent.exe Windows Agent
AgentMaint.exe Windows Agent
AgentMonitor.exe Windows Agent
AVDIU.exe Windows Agent
BASupTSHelper.exe Windows Agent  
bitsadmin.exe Windows Agent
ESCleaner.exe Windows Agent
KillWTSMessageBox.exe Windows Agent
NAAgentImplServer.exe Windows Agent
NableAVDBridge.exe Windows Agent
NableAVDUSBridge.exe Windows Agent
NRMInstallHelper.exe Windows Agent
PIU.exe Windows Agent
Popup.exe Windows Agent
ProxyConfig.exe Windows Agent
RebootMessage.exe Windows Agent
AMTPowerManager.exe Windows Probe
NableUpdateDiagnose.exe Windows Probe
NableUpdateService.exe Windows Probe
RemoteService.exe Windows Probe
 
Excluded Applications Association
VmWareClient.exe Windows Probe
wsp.exe Windows Probe
WSPMaint.exe Windows Probe
WSPMonitor.exe Windows Probe
NableAVDBridge.exe Tools
NableAVDUSBridge.exe Tools
ThirdPartyPatch.exe Patch Management
BASupApp.exe MSP Connect  

 

Excluded Applications Association
agent.exe Windows Agent
AgentMaint.exe Windows Agent
AgentMonitor.exe Windows Agent
AVDIU.exe Windows Agent
BASupTSHelper.exe Windows Agent
bitsadmin.exe Windows Agent
ESCleaner.exe Windows Agent
KillWTSMessageBox.exe Windows Agent
NAAgentImplServer.exe Windows Agent
NableAVDBridge.exe Windows Agent
NableAVDUSBridge.exe Windows Agent
NRMInstallHelper.exe Windows Agent
PIU.exe Windows Agent
Popup.exe Windows Agent
ProxyConfig.exe Windows Agent
RebootMessage.exe Windows Agent
AMTPowerManager.exe Windows Probe
NableUpdateDiagnose.exe Windows Probe
NableUpdateService.exe Windows Probe
RemoteService.exe Windows Probe
VmWareClient.exe Windows Probe
wsp.exe Windows Probe
WSPMaint.exe Windows Probe
WSPMonitor.exe Windows Probe
NableAVDBridge.exe Tools
NableAVDUSBridge.exe Tools
ThirdPartyPatch.exe Patch Management
BASupApp.exe MSP Connect