Antimalware Exclusions in Bitdefender GravityZone

The Bitdefender security agent can exclude certain object types from scanning. Antimalware exclusions are to be used in special circumstances, or following Microsoft or Bitdefender recommendations. For an updated list of exclusions recommended by Microsoft, please refer to this article.

You can define Custom Exclusions for in-house developed applications or customized tools, according to your specific needs.

The antimalware module of Bitdefender Control Center provides real-time scanning of all the running processes and applications on the machine it protects. However, the real-time scanning might prevent certain applications from running correctly when they are scanned.

Custom antimalware exclusions apply to one or more of the following scanning methods:

  • On-access scanning

  • On-demand scanning

  • Advanced Threat Control (ATC/IDS)

Important:

  • If you have an EICAR test file that you use periodically to test antimalware protection, you should exclude it from on-access scanning.

  • If using VMware Horizon View 7 and App Volumes AppStacks, refer to this VMware document.

To exclude specific items from scanning, follow the steps below:

  1. Log in to GravityZone Control Center.
  2. Go to the Policies page.
  3. Select or create a policy (except the Default policy).
  4. Go to Antimalware and click Settings.
  5. Select the Custom Exclusions check box.

  1. Select the exclusion type from the menu:

    • File: only the specified file

    • Folder: only the specified folder, without any files and processes inside that folder or from all of its subfolders

    • Extension: all items having the specified extension

    • Process: any object accessed by the excluded process

    • File Hash: the file with the specified hash

    • Certificate Hash: all the applications under the specified certificate hash (thumbprint)

    • Threat Name: any item having the detection name

    • Command Line: the specified command line (available only for Windows operating systems)

  2. Provide the details specific to the selected exclusion type:

    File, Folder or Process
    Enter the path to the item to be excluded from scanning. You have several helpful options to write the path:

    • Declare the path explicitly.
      For example: C:\temp
      To add exclusions for UNC paths, use any of the following syntaxes:
      \\hostName\shareName\filePath
      \\IPaddress\shareName\filePath

    • Use the system variables available in the drop-down menu.
      For process exclusions, you must also add the name of the application's executable file.
      For example:
      %ProgramFiles% - excludes the Program Files folder
      %WINDIR%\system32 - excludes folder system32 within Windows

    • Use wildcards.
      The double asterisk (**) substitutes for zero or more characters. The single asterisk (*) substitutes for zero or more characters except path delimiters. The question mark (?) substitutes for exactly one character. You can use several question marks to define any combination of a specific number of characters. For example, ??? substitutes for any combination of exactly three characters.
      For example:
      File exclusions:
      **\example.txt – excludes any file named example.txt, regardless of its location on the endpoint
      C:\Test\* – excludes all files from the Test folder
      C:\Test\*.png – excludes all PNG files from the Test folder
      C:\Test – excludes all files and folders from the Test folder
      Folder exclusions:
      C:\Test\* – excludes all folders from Test
      C:\Test – excludes all files and folders under the Test folder
      Process exclusions:
      C:\Program Files\WindowsApps\Microsoft.Not??.exe – excludes the Microsoft Notes processes.
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "& '%~dp0Install-VisualCRedist.ps1'-Architecture 'x64','x86' -ShowProgress -Verbose" – excludes a PowerShell script. After adding the full path of the PowerShell executable, add the script parameters.

    • Note:
      Process exclusions do not support wildcards on Linux operating systems.

    Extension
    Enter one or more file extensions to be excluded from scanning, separating them with a semicolon ";". You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.

    File hash, Certificate hash, Threat name, or Command line
    Enter the file hash, certificate thumbprint (hash), the exact name of the threat or the command line depending on the exclusion rule. You can use one item per exclusion.

  3. Select the scanning methods to which the rule applies. Some exclusions may be relevant for On-access scanning, On-demand scanning, or ATC/IDS, while others may be recommended for two or all three of the modules.

  4. Optionally, click the Show remarks button to add a note in the Remarks

  5. Click the Add button. The new rule will be added to the list.

  6. Click the Save button.

Important:

  • Please note that on-demand scanning exclusions will NOT apply to contextual scanning. Contextual scanning is initiated by right-clicking a file or folder and selecting Scan with Bitdefender Endpoint Security Tools.

To remove a rule from the list, click the corresponding Delete button.
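
The wildcard rules from step 2, modelled as an added example (not Bitdefender's code) that reports which paths a set of exclusion patterns would exempt from scanning, so a policy can be reviewed before it is saved. It covers only the three wildcards as stated above, not the behaviour of a bare folder entry such as C:\Test; case-insensitive matching and the probe paths are assumptions constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    """Translate an exclusion pattern using the wildcard rules stated on this page."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")            # ** : zero or more characters, delimiters included
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\/]*")      # *  : zero or more characters except path delimiters
            i += 1
        elif pattern[i] == "?":
            out.append(".")             # ?  : exactly one character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    # Assumption: comparison is case-insensitive, as is usual for Windows paths.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def matches(pattern, path):
    """True when the whole path is covered by the exclusion pattern."""
    return wildcard_to_regex(pattern).fullmatch(path) is not None

def audit(exclusions, probe_paths):
    """Map each exclusion to the probe paths it would exempt from scanning."""
    return {p: [x for x in probe_paths if matches(p, x)] for p in exclusions}

# Patterns taken from the examples on this page.
EXCLUSIONS = [
    r"**\example.txt",
    r"C:\Test\*",
    r"C:\Test\*.png",
    r"C:\Program Files\WindowsApps\Microsoft.Not??.exe",
]
# Constructed probe paths, including a user-writable location.
PROBES = [
    r"C:\Users\alice\Downloads\example.txt",
    r"C:\Test\a.png",
    r"C:\Test\sub\a.png",
    r"C:\Test\tool.exe",
    r"C:\Program Files\WindowsApps\Microsoft.Notes.exe",
    r"C:\Program Files\WindowsApps\Microsoft.Notepad.exe",
]

if __name__ == "__main__":
    for pattern, hits in audit(EXCLUSIONS, PROBES).items():
        print(pattern, "->", hits or "no probe path covered")
```

A pattern that begins with ** covers a file by name in any directory, including ones a standard user can write to, so an explicit path or a File Hash exclusion is the narrower choice when the file's location is known.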
