This site is only for Avast Business products. For articles on AVG Business products, see AVG Business Help.

Configuring Antivirus Exclusions

This Article Applies to:

  • Business Hub

 

Through your Avast Business Management Console, you can exclude specified files, folders, or websites from being scanned by Antivirus if needed. Configuring standard and component-specific exclusions can speed up scans and prevent false-positive detections.

 

Exclusions are limited to approximately 8000 characters across both standard (All Scans and Shields) and component-specific (File Shield, Web Shield, etc) exclusions. Therefore, we recommend minimizing exclusions where possible to prevent any security flaws and/or impact on system performance.

Wildcards can be used when configuring exclusions. Note, however, that Behavior Shield, Web Shield, and Sandbox have certain limitations when it comes to the use of wildcards. For more info, see respective sections below.

Configuring Standard Exclusions

You can configure exclusions (called exceptions in the local UI) that will propagate across all of the various Antivirus shields and components in the Exclusions tab of your console, within a selected policy.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes. Console policies override local settings.

 

Adding Exclusions

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Under the All Scans and Shields tab, click + Add new exclusion in the desired section:
    • File paths: enter a file path you would like to exclude, then click Add new exclusion
    • Hardened mode: enter an executable file you would like to exclude, then click Add new exclusion
    • URL addresses: enter a URL you would like to exclude, then click Add new exclusion
  5. Click Save when you are finished

If you have multiple OS types using the same policy, be sure to add the exclusions to this section under the Windows Workstation and/or Windows Server tabs.

 

Configuring Component-Specific Exclusions

Many of the customizable Antivirus components have a dedicated tab for configuring exclusions that will only affect that particular component. The process of creating specific exclusions is similar for most shields and components.

File Shield Exclusions

Any exclusions specified here will not be scanned by File Shield during a device scan. This can be used to speed up your scan for locations you know are safe or to prevent false positives.

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Click the File shield tab
  5. Click + Add new exclusion
  6. Enter the file path you would like to exclude
  7. Use the check boxes to specify when the exclusion applies — when the file is Read, Written, or Executed
  8. Click Add new exclusion

Web Shield Exclusions

Any exclusions specified here will not be scanned by Web Shield when devices are accessing the internet. This can be used to prevent false positives. Note that if you want to block specific URLs, you must enter these on the Site Blocking tab.

Web Shield's Process exclusion paths do not accept wildcard characters.

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Click the Web shield tab
  5. Click + Add new exclusion under the type of exclusion you are adding, between:
    • URL addresses
    • MIME-types
    • Processes (these do not accept wildcards)
    • Scripts
    • macOS-specific
  6. Enter the details for the exclusion
  7. Click Add new exclusion

Behavior Shield Exclusions

Any exclusions specified here will not be scanned by Behavior Shield when devices are running programs and processes. Network share is supported as long as you are using the absolute path to the folder/file.

Behavior Shield does not support inserting wildcards at the beginning or in the middle of a file path (for example, C:\users\*\application.exe). However, you can still use a wildcard at the end of the path (for instance, C:\users\username\*).

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Click the Behavior shield tab
  5. Click + Add new exclusion
  6. Enter the location of the program you would like to exclude
  7. Click Add new exclusion

Sandbox Exclusions

These exclusions will only apply when Sandbox is used to virtualize potentially infected files, and will ensure the specified locations are not brought into the virtualized environment. For example, you can exclude your Downloads folder so that files downloaded from a browser in the virtualized environment are not deleted when you close the browser.

Sandbox exclusion paths do not accept wildcard characters.

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Click the Sandbox tab
  5. Click + Add new exclusion
  6. Enter the location you would like to exclude from virtualization
  7. Click Add new exclusion

CyberCapture/Hardened Mode Exclusions

These exclusions are only used by DeepScreen (part of CyberCapture component) and Hardened Mode, to keep executables from being scanned.

  1. Click the policy you would like to add exclusions to on the Policies page
  2. Click the Exclusions tab
  3. Expand the Antivirus exclusions section
  4. Under the All Scans and Shields tab, click + Add new exclusion in the Hardened mode or CyberCapture sections
  5. Enter the file path you would like to exclude
  6. Click Add new exclusion

 

Related Articles:

Logging Blocked Packets to Create Exclusions

Configuring Files and Programs Scanned by Antivirus

Exchange Server Recommendations

Wildcards