Skip to main content


In this page, you can configure options such as enabling or disabling functionalities and configure exclusions.

The settings are organized into the following sections:

General settings

  • Intercept Encrypted Traffic - Select this option if you want the Secure Sockets Layer (SSL) web traffic to be inspected by the Bitdefender security agent's protection modules.

    • for HTTPS- Select this option if you want to extend SSL scanning to HTTP protocol.

    • for RDP- Select this option if you want to extend SSL scanning to RDP protocol.

    • Scan FTPS - Select this option to enable outbound traffic monitoring over FTPS protocol on Linux machines.

    • Scan SCP/SSH - Select this option to enable outbound traffic monitoring over SCP and SSH protocols on Linux machines.

    • Exclude finance domains - Select this option to exclude any financial domains from scanning.

    For details on the authentication procedures using SSH keys, refer to SSH PKI authentication on endpoint outbound connections.

    The FTPS protocol defines at least two different ways to start this sequence: explicit (active) security and implicit (passive) security.


    Network Attack Defense only works with implicit (passive) security.

  • Show browser toolbar (legacy) - The Bitdefender toolbar informs users about the rating of the web pages they are viewing. The Bitdefender toolbar is not your typical browser toolbar. The only thing it ads to the browser is a small dragger light.png at the top of every web page. Clicking the dragger opens the toolbar.

    Depending on how Bitdefender classifies the web page, one of the following ratings is displayed on the left side of the toolbar:

    • The message "This page is not safe" appears on a red background.

    • The message "Caution is advised" appears on an orange background.

    • The message "This page is safe" appears on a green background.


    • This option is not available for macOS.

    • This option is removed from Windows starting with new installations of Bitdefender Endpoint Security Tools version

  • Browser Search Advisor (legacy)

    Search Advisor rates the results of Google, Bing and Yahoo! searches, as well as links from Facebook and Twitter, by placing an icon in front of every result.

    Icons used and their meaning:

    • unsafe.png You should not visit this web page.

    • suspect.png This web page may contain dangerous content. Exercise caution if you decide to visit it.

    • safe.png This is a safe page to visit.


    • This option is not available for macOS.

    • This option is removed from Windows starting with new installations of Bitdefender Endpoint Security Tools version


You can choose to skip certain traffic of being scanned for malware while the Network Protection options are enabled.


These exclusions apply to Traffic Scan and Antiphishing, in the Web Protection section, and to Network Attack Defense, in the Network Attacks section. Data Protection exclusions are configurable separately, in the Content Control section.

On Linux systems, the exclusions are made at the application level, not at the iptables level.

To define an exclusion:

  1. Select the exclusion type from the menu.

  2. Depending on the exclusion type, define the traffic entity to be excluded from scanning as follows:

    • IP/mask - Enter the IP address or the IP mask for which you do not want to scan the incoming and outgoing traffic, which includes network attack techniques.

      You can also exclude vulnerability scanners by adding their IP addresses in this section or by duplicating exclusions created in the Firewall section. For details on Firewall exclusions, refer to the "Block port scans" in Firewall Configuration.

    • URL - Excludes from scanning the specified web addresses. Take into account that URL-based scan exclusions apply differently for HTTP versus HTTPS connections, as explained hereinafter.

      You can define a URL-based scan exclusion as follows:

      1. Enter a specific URL, such as

        • In the case of HTTP connections, only the specific URL is excluded from scanning.

        • For HTTPS connections, adding a specific URL excludes the entire domain and any of its subdomains. Therefore, in this case, you can specify directly the domain to be excluded from scanning.

      2. Use wildcards to define web address patterns.

        You can use the following wildcards:

        • Asterisk (*) substitutes for zero or more characters.

        • Question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.

        In the following table, you can find several syntax samples for specifying web addresses (URLs).


        Exception Applicability


        Any URL starting with www.example (regardless of the domain extension).

        The exclusion will not apply to the subdomains of the specified website, such as


        Any URL ending in, including subdomains thereof.


        Any URL that contains the specified string.


        Any website having the .com domain extension, including subdomains thereof. Use this syntax to exclude from scanning the entire top-level domains.


        Any web address starting with www.example?.com, where ? can be replaced with any single character.

        Such websites might include: or


      You can use protocol-relative URLs.

    • Application - Excludes from scanning the specified process or application. To define an application scan exclusion:

      1. Enter the name of the executable file of the application to be excluded.

        For example, enter calendar to exclude the Calendar application, firefox to exclude the Mozilla Firefox browser, or electron to exclude the Visual Studio Code application.

      2. Use wildcards to specify any applications matching a certain name pattern.

        For example:

        • c*.exe matches all applications starting with "c" (chrome.exe).

        • ??????.exe matches all applications with a name that contains six characters (chrome.exe, safari.exe, etc.).

        • [^c]*.exe matches all application except for those starting with "c".

        • [^ci]*.exe matches all application except for those starting with "c" or "i".


        You do not need to enter a path and the executable file does not have an extension. This is different from exclusions in Antimalware, where you need to specify the entire path.

  3. Click the add_inline.pngAdd button at the right side of the table.

To remove an entity from the list, click the corresponding delete_inline.pngDelete button.