Exclude process memory from scans
You can exclude process memory from scans. The application does not scan the memory of the specified processes.
Configuring exclusions in the Web Console
In the Web Console, you can configure excluding process memory from scans in the policy properties (Application settings → General settings → Application settings).
Clicking Configure exclusion of process memory from scans under Exclude process memory from scans opens the Exclude process memory from scans window, where you can create a list of exclusions.
The list in the Exclude process memory from scans window contains the paths to processes that the application excludes from process memory scanning. You can use masks to specify the path. By default, the list is empty.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).
The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.
You can use a single ? character to represent any one character in the file or directory name.
You can add, edit, and delete items in the list.
Clicking the Delete button causes Kaspersky Endpoint Security to remove the selected process path from the list.
This button is available if at least one process path is selected in the list.
The Edit button a window where you can change the process path. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
The Add button opens a window where you can enter the full path to a process. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
Configuring exclusions in the Administration Console
In the Administration Console, you can configure excluding process memory from scans in the policy properties (General settings → Excluding process memory).
Clicking Configure under Exclude process memory from scans opens a window where you can create a list of exclusions.
The list in the Exclude process memory from scans window contains the paths to processes that the application excludes from process memory scanning. You can use masks to specify the path. By default, the list is empty.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).
The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.
You can use a single ? character to represent any one character in the file or directory name.
You can add, edit, and delete items in the list.
Clicking the Delete button causes Kaspersky Endpoint Security to remove the selected process path from the list.
This button is available if at least one process path is selected in the list.
The Edit button a window where you can change the process path. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
The Add button opens a window where you can enter the full path to a process. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
Configuring exclusions on the command line
You can configure excluding process memory from scans in the command line using the MemScanExcludedProgramPath.item_# option in the general application settings.
You can edit the setting using command line options or a configuration file that contains all general application settings.
MemScanExcludedProgramPath.item_# contains the full path to the process in the local directory. You can use masks to specify the path.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
You can use a single ? character to represent any one character in the file or directory name.
You can specify several processes to exclude from scanning.
Page top