Adding process exclusions for Mac in GravityZone

As a GravityZone administrator, you can configure process exclusions for Mac computers in the Policies > Configuration Profiles page and in the policy settings, under Antimalware and Network Protection.

Overview

In macOS, the entities listed in the Applications folder are in fact containers that include all binary files, libraries, and dependencies for those apps.

Therefore, when configuring profiles or adding antimalware exclusions, you must enter the entire path to the executable file from the application’s container. When adding exclusions in Network Protection, you only need to enter the name of the executable file.

To browse one container and obtain the name of the executable file, right-click that container and select Show Package Contents.

Usually, the path to the executable file is /Application.app/Contents/MacOS/binary, where Application.app is the name of the container and binary is the name of the executable file.

For example, the complete path for the Calendar application in macOS is /Applications/Calendar.app/Contents/MacOS/Calendar

Note

Some applications have different names for the executable files. For example, Visual Studio Code has the executable file with the name Electron. Therefore, the complete path is /Applications/Visual Studio Code.app/Contents/MacOS/Electron.
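Added example (not Bitdefender's code): macOS records the name of a container's main executable in the CFBundleExecutable key of Contents/Info.plist, so the complete path can be resolved without browsing the package by hand. The function names and the sample bundle are constructed for illustration, and the world-writable check is an extra sanity check to run before excluding a path from scanning.

```python
import plistlib
import stat
import tempfile
from pathlib import Path


def resolve_bundle_executable(app_path):
    """Return (full_path, name) of the executable declared by a .app container."""
    app = Path(app_path)
    info = app / "Contents" / "Info.plist"
    with info.open("rb") as fh:
        name = plistlib.load(fh).get("CFBundleExecutable")
    if not name:
        raise ValueError(f"{info} has no CFBundleExecutable key")
    exe = app / "Contents" / "MacOS" / name
    if not exe.is_file():
        raise FileNotFoundError(f"{exe} is declared but missing")
    return str(exe), name


def world_writable_parts(app_path, exe_path):
    """Return paths from the executable up to the container that any user can modify."""
    app, p, found = Path(app_path), Path(exe_path), []
    while True:
        if p.stat().st_mode & stat.S_IWOTH:
            found.append(str(p))
        if p == app or p.parent == p:
            return found
        p = p.parent


def make_sample_bundle(root, app_name, exe_name):
    """Constructed sample: build a minimal .app container so this runs offline."""
    app = Path(root) / f"{app_name}.app"
    macos = app / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    for d in (app, app / "Contents", macos):
        d.chmod(0o755)
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleExecutable": exe_name}, fh)
    (macos / exe_name).write_bytes(b"")
    (macos / exe_name).chmod(0o755)
    return app


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = make_sample_bundle(tmp, "Visual Studio Code", "Electron")
        full, name = resolve_bundle_executable(app)
        print("Antimalware / Configuration Profiles:", full)
        print("Network Protection:", name)
        print("World-writable:", world_writable_parts(app, full) or "none")
```

On a real Mac, pass the container path (for example /Applications/Visual Studio Code.app) to resolve_bundle_executable instead of the constructed bundle.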

Adding process exclusions in Configuration Profiles

To create a process exclusion in the Configuration Profiles page, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies > Configuration Profiles page from the left side menu.

  3. On the Exclusions page, click Add Exclusions.

  4. In the configuration page, select Process as object type.

  5. In the Excluded item field, enter the complete path to the executable file of the application. For example: /Applications/Visual Studio Code.app/Contents/MacOS/Electron.

  6. Select the scanning modules to which the exclusion applies:

    • On-Access

    • ATC/IDS

    • Ransomware Mitigation

    • LSASS Protection

    • All the above modules

  7. Optionally, enter a note about the exclusion in the Remarks field.

  8. Click the Add icon to add the exclusion to the list.

  9. Click the Save button.

Next, you have to assign the exclusion to a list. That list will be used with a policy. To assign the exclusion to a list, follow these steps:

  1. In the Configuration Profiles > Exclusions page, select the process exclusion that you created.

  2. Click the Assign to lists button to add the exclusion to an existing list.

    Note

    If you want to use the exclusion with a new list, click the New list option in the left panel to first create the list.

  3. In the configuration window, select the list in which you want to include the exclusion.

  4. Click the Save button.

Next, you have to add the list to the policy that is active on the Mac endpoints. Follow these steps:

  1. Go to the Policies page from the left side menu.

  2. Click the policy name to open it.

  3. Go to the Antimalware > Settings page.

  4. Select the Exclusions from configuration profiles check box.

  5. Select the list that includes the exclusion.

  6. Click Save.

In the Configuration Profiles page you can take actions on exclusions, such as edit, delete, or change the list assignment.

Adding process exclusions in the Antimalware section of the policy

To exclude a process from scanning for malware in the Antimalware section of the policy settings, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Create or edit a custom policy.

  4. Go to Antimalware and click Settings.

  5. Select the In-policy exclusions check box.

  6. From the menu, select Process as exclusion type.

  7. Enter the complete path to the executable file of the application. For example, the complete path for the Time Machine application is /Applications/Time Machine.app/Contents/MacOS/Time Machine.

  8. Select the scanning modules to which the rule applies:

    • On-Access

    • ATC/IDS

    • Ransomware Mitigation

    • All the above modules

  9. Optionally, click Show remarks to add a note about this exclusion in the Remarks field.

  10. Click the Add button.

  11. Click Save.

To remove a rule from the list, click the corresponding Delete button.

Adding process exclusions in the Network Protection section of the policy

To exclude a process from traffic scanning in the Network Protection section of the policy settings, follow these steps:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Create or edit a custom policy.

  4. Go to Network Protection > General and select the Exclusions check box.

  5. From the menu, select Application as exclusion type.

  6. Enter the name of the executable file of the application to be excluded.

    For example, enter calendar to exclude the Calendar application, firefox to exclude the Mozilla Firefox browser, or electron to exclude the Visual Studio Code application.

    Use wildcards to specify any applications matching a certain name pattern.

    For example:

    • c*.exe matches all applications starting with "c" (chrome.exe).

    • ??????.exe matches all applications with a name that contains six characters (chrome.exe, safari.exe, etc.).

    • [^c]*.exe matches all applications except for those starting with "c".

    • [^ci]*.exe matches all applications except for those starting with "c" or "i".

    Note

    You do not need to enter a path and the executable file does not have an extension.

  7. Optionally, add a note about the exclusion in the Remarks field.

  8. Click the Add button.

  9. Click Save.

    To remove a rule from the list, click the corresponding Delete button.