Scan exclusions help balance system security with performance. For example, according to Kaspersky virus experts, you can safely add data files and index files of databases to exclusions. It is believed that no danger exists of such files becoming virus vectors.
You can exclude safe objects on the list of most frequently scanned objects.
You can configure exclusions by file path (you can also specify the mount type), file mask, threat type, and path to the process performing file operations.
The application does not scan objects excluded from scanning, but file operations still experience minimal delays because the application still performs file operation interception and blocking. If you need to prevent even minimal delays, we recommend configuring exclusions from file operation interception.
You can configure File Threat Protection exclusions in a policy using the Web Console or Administration Console, or locally on the device using the command line.
You can also configure exclusions for scan tasks of the ODS and ContainerScan types. Exclusions are configured in task settings in Kaspersky Security Center or locally on the device using the command line.
Scan exclusion settings for one scan task do not affect other scan tasks. Exclusions must be configured separately for each scan task.
Below are examples of configuring File Threat Protection exclusions on the command line.
To exclude the /tmp/logs directory and all subdirectories and files recursively, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/logs
To exclude a specific file or files by mask in the /tmp/logs directory, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/logs/*.log
To exclude all files with the .log extension in the /tmp/ directory and subdirectories using a recursive mask, execute the following command:
kesl-control --set-settings 1 --add-exclusion /tmp/**/*.log