Exclusions can apply to on-access scanning and on-demand scanning. Based on the object of the exclusion, there are a number of different types of exclusions.
Excludes security scanning of the image in memory and the action of the process. These are the most common exclusions that you will use with AV Defender. They are typically used when troubleshooting application conflicts, performance issues, and application performance issues. You can also configure process exclusions for on-access scanning, Active Virus Control, and Intrusion Detection Systems.
If you exclude a process, its actions are also excluded, however the actions of its "children" are not. For example, if iexplore.exe is excluded and it runs virus.exe, AV Defender will not scan the virus.exe file when it runs. However, if virus.exe then attempts to execute killmypc.exe, AV Defender will scan it and catches it if it is malicious.
Excludes the file image from being scanned. You should only configure this in circumstances where the scanning itself is causing issues or if removal from the files can be damaging. Example exclusions include:
- File: Only the specified file is excluded from security scanning.
- Folder: All files in a specified folder and all of its subfolders are excluded from security scanning.
- Extension: All files with the specified extension are excluded from security scanning.
Examples of using File/Folder exclusions would be to exclude a backup destination location as the high I/O rate of backup software could be impacted by scanning during a write operation, or to exclude database files as packaged database files can become corrupted if cleaning is attempted.
Excludes all network-level filtering from security scanning including antivirus and anti-malware scanning of TCP traffic, content filtering by category, anti-phishing, and search advisors/browser toolbars. Use Network exclusions to troubleshoot issues with any network centered application including:
- Being unable to access server applications.
- Being unable to connect to network resources.
- Being unable to connect to the Internet.
- Web pages not functioning as expected.
Use scan exclusions in special circumstances or following Microsoft or Bitdefender recommendations. When configuring exclusions, note that MSP N-central does not support the use of wildcard characters for excluding files and file types. If you have an EICAR test file that you use periodically to test anti-malware protection, exclude it from on-access scanning.
For the best results, use the exclusion type that accomplishes specific goals:
- Process: Used to resolve application conflicts, performance issues, and reduce impact on key business applications.
- File/Folder - Used to avoid false positive errors or for heavy traffic folders, such as backup destinations.
- Network: Used to exclude a web site from being scanned. Exclusions will apply to all modules.
By default, AV Defender includes preconfigured exclusions following guidelines provided by MSP N-central and Microsoft. These preconfigured exclusions are embedded in AV Defender and are not subject to user modification.
The preconfigured exclusions that follow Microsoft guidelines are described at http://support.microsoft.com/kb/822158.
The MSP N-central preconfigured exclusions include: