Policy based exclusions
Bitdefender GravityZone provides full visibility into organizations' overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender's Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.
This article shows you how to manage antimalware scanning exclusions from policy settings.
In this section you can configure scan exclusion rules. Exclusions can apply to on-access scanning, on-demand scanning or both. Based on the object of the exclusion, there are four types of exclusions:
- File exclusions: the specified file only is excluded from scanning.
- Folder exclusions: all files inside the specified folder and all of its subfolders are excluded from scanning.
- Extension exclusions: all files having the specified extension are excluded from scanning.
Process exclusions: any object accessed by the excluded process is also excluded from scanning. You can also configure process exclusions for the Advanced Threat Control and Intrusion Detection System technologies.
IMPORTANT! Scan exclusions are to be used in special circumstances or following Microsoft or Bitdefender recommendations. For an updated list of exclusions recommended by Microsoft, please refer to this article. If you have an EICAR test file that you use periodically to test antimalware protection, you should exclude it from on-access scanning.
In the Policies > Antimalware > Exclusions page, use the Activate exclusions checkbox to turn scanning exclusions on or off.
To configure an exclusion rule:
- Select the exclusion type from the menu.
Depending on the exclusion type, specify the object to be excluded as follows:
Extension exclusions. Specify one or more file extensions to be excluded from scanning, separating them with a semicolon ";". You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.
File, folder and process exclusions. You must specify the path to the excluded object on the target computers.
- Choose from the menu either a predefined location or the Specific paths option.
- If you have chosen a predefined location, complete the path as needed. For example, to exclude the entire Program Files folder, it suffices to select the corresponding predefined location from the menu. To exclude a specific folder from Program Files, you must complete the path by adding a backslash () and the folder name. For process exclusions, you must also add the name of the application's executable file.
- If you have chosen Specific paths, enter the full path to the object to be excluded. It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.
- Extension exclusions. Specify one or more file extensions to be excluded from scanning, separating them with a semicolon ";". You can enter extensions with or without the preceding dot. For example, enter txt to exclude text files.
Select the types of scanning the rule will apply to. Some exclusions may be relevant for on-access scanning only, some for on-demand scanning only, while others may be recommended for both. Process exclusions can be configured for on-access scanning and for the Advanced Threat Control and Intrusion Detection System technologies.
NOTE: Please note that on-demand scanning exclusions will NOT apply to contextual scanning. Contextual scanning is initiated by right-clicking a file or folder and selecting Scan with Bitdefender.
- Click the Add button. The new rule will be added to the list.
To remove a rule from the list, click the corresponding Delete button.
Note: BEST Advanced Threat Control (ATC) is not compatible with Windows Server 2003 and Windows XP.