Exclusions

A trusted zone is a system administrator-configured list of objects and applications that Kaspersky Endpoint Security does not monitor when active. In other words, it is a set of scan exclusions.

The administrator forms the trusted zone independently, taking into account the features of the objects that are handled and the applications that are installed on the computer. It may be necessary to include objects and applications in the trusted zone when Kaspersky Endpoint Security blocks access to a certain object or application, if you are sure that the object or application is harmless.

You can exclude objects from scans by using the following methods:

Scan exclusions

A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats.

Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be used as an auxiliary component in malware. Examples of such applications include remote administration tools, IRC clients, FTP servers, various utilities for suspending or concealing processes, keyloggers, password crackers, and auto-dialers. Such applications are not categorized as viruses. For details on legitimate software that could be used by criminals to harm the computer or personal data of a user, please visit the website of the Kaspersky Virus Encyclopedia.

Such applications may be blocked by Kaspersky Endpoint Security. To prevent them from being blocked, you can configure scan exclusions for the applications in use. To do so, add the name or name mask that is listed in the Kaspersky Virus Encyclopedia to the trusted zone. For example, you often use the Radmin application for remote administration of computers. Kaspersky Endpoint Security regards this activity as suspicious and may block it. To prevent the application from being blocked, create a scan exclusion with the name or name mask that is listed in the Kaspersky Virus Encyclopedia.

If an application that collects information and sends it to be processed is installed on your computer, Kaspersky Endpoint Security may classify this application as malware. To avoid this, you can exclude the application from scanning by configuring Kaspersky Endpoint Security as described in this document.

Scan exclusions can be used by the following application components and tasks that are configured by the system administrator:

List of trusted applications

The list of trusted applications is a list of applications whose file and network activity (including malicious activity) and access to the system registry are not monitored by Kaspersky Endpoint Security. By default, Kaspersky Endpoint Security scans objects that are opened, executed, or saved by any program process and controls the activity of all applications and network traffic that is generated by them. Kaspersky Endpoint Security excludes applications in the list of trusted applications from scanning.

For example, if you consider objects that are used by the standard Microsoft Windows Notepad application to be safe without scanning, meaning that you trust this application, you can add Microsoft Windows Notepad to the list of trusted applications. Scanning then skips objects that are used by this application.

In addition, certain actions that are classified by Kaspersky Endpoint Security as suspicious may be safe within the context of the functionality of a number of applications. For example, the interception of text that is typed from the keyboard is a routine process for automatic keyboard layout switchers (such as Punto Switcher). To take account of the specifics of such applications and exclude their activity from monitoring, we recommend that you add such applications to the trusted applications list.

Excluding trusted applications from scanning allows avoiding compatibility conflicts between Kaspersky Endpoint Security and other programs (for example, the problem of double-scanning of the network traffic of a third-party computer by Kaspersky Endpoint Security and by another anti-virus application), and also increases the computer's performance, which is critical when using server applications.

At the same time, the executable file and process of the trusted application are still scanned for viruses and other malware. An application can be fully excluded from Kaspersky Endpoint Security scanning by means of scan exclusions.

Settings of exclusions

Parameter

Description

Objects for detection

Regardless of the configured application settings, Kaspersky Endpoint Security always detects and blocks viruses, worms, and Trojans. They can cause significant harm to the computer.

  • Viruses and worms
  • Trojans
  • Malicious tools
  • Adware
  • Auto-dialers
  • Other
  • Packed files that may cause harm
  • Multi-packed files

Scan exclusions

This table contains information about scan exclusions.

You can exclude objects from scans by using the following methods:

  • specify the path to the file or folder;
  • enter the object hash;
  • Use masks:
    • The * (asterisk) character, which takes the place of any set of characters in the file or folder name, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
    • Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in the folder named Folder and its subfolders. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
    • The ? (question mark) character, which takes the place of any single character in the file or folder name, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
      • Enter the object name based on the classification of the Kaspersky Virus Encyclopedia (for example, legitimate software that could be used by criminals to harm your computer or personal data).

Trusted applications

This table lists trusted applications whose activity is not monitored by Kaspersky Endpoint Security during its operation.

The Application Control component regulates the startup of each of the applications regardless of whether or not the application is included in the table of trusted applications.

Use trusted system certificate store

If the check box is selected, Kaspersky Endpoint Security excludes from scanning the applications signed with a trusted digital signature. The Host Intrusion Prevention component automatically assigns such applications to the Trusted group.

If the check box is cleared, a virus scan is performed regardless of whether or not the application has a digital signature. The Host Intrusion Prevention component assigns applications to trust groups according to the configured settings.

See also: Managing the application via the local interface

Creating a scan exclusion

Modifying a scan exclusion

Deleting a scan exclusion

Enabling and disabling a scan exclusion

Editing the list of trusted applications

Enabling and disabling trusted zone rules for an application in the list of trusted applications

Using trusted system certificate storage

Page top