Creating a scan exclusion

A scan exclusion is a set of conditions that must be fulfilled so that Kaspersky Endpoint Security will not scan a particular object for viruses and other threats.

Scan exclusions make it possible to safely use legitimate software that can be exploited by criminals to damage the computer or user data. Although they do not have any malicious functions, such applications can be exploited by intruders. For details on legitimate software that could be used by criminals to harm the computer or personal data of a user, please refer to the Kaspersky IT Encyclopedia website.

Such applications may be blocked by Kaspersky Endpoint Security. To prevent them from being blocked, you can configure scan exclusions for the applications in use. To do so, add the name or name mask that is listed in the Kaspersky IT Encyclopedia to the trusted zone. For example, you often use the Radmin application for remote administration of computers. Kaspersky Endpoint Security regards this activity as suspicious and may block it. To prevent the application from being blocked, create a scan exclusion with the name or name mask that is listed in the Kaspersky IT Encyclopedia.

If an application that collects information and sends it to be processed is installed on your computer, Kaspersky Endpoint Security may classify this application as malware. To avoid this, you can exclude the application from scanning by configuring Kaspersky Endpoint Security as described in this document.

Scan exclusions can be used by the following application components and tasks that are configured by the system administrator:

Kaspersky Endpoint Security does not scan an object if the drive or folder containing this object is included in the scan scope at the start of one of the scan tasks. However, the scan exclusion is not applied when a custom scan task is started for this particular object.

How to create a scan exclusion in the Administration Console (MMC)

How to create a scan exclusion in the Web Console and Cloud Console

How to create a scan exclusion in the application interface

Path mask examples:

Paths to files located in any folder:

  • The mask *.exe will include all paths to files that have the exe extension.
  • The mask example* will include all paths to files named EXAMPLE.

Paths to files located in a specified folder:

  • The C:\dir\*.* mask will include all paths to files located in the C:\dir\ folder, but not in the subfolders of C:\dir\.
  • The mask C:\dir\* will include all paths to files located in the C:\dir\ folder, but not in the subfolders of C:\dir\.
  • The mask C:\dir\ will include all paths to files located in the C:\dir\ folder, but not in the subfolders of C:\dir\.
  • The mask C:\dir\*.exe will include all paths to files with the EXE extension located in the C:\dir\ folder, but not in the subfolders of C:\dir\.
  • The mask C:\dir\test will include all paths to files named "test" located in the C:\dir\ folder, but not in the subfolders of C:\dir\.
  • The mask C:\dir\*\test will include all paths to files named "test" located in the C:\dir\ folder and in the subfolders of C:\dir\.

Paths to files located in all folders with a specified name:

  • The mask dir\*.* will include all paths to files in folders named "dir", but not in the subfolders of those folders.
  • The mask dir\* will include all paths to files in folders named "dir", but not in the subfolders of those folders.
  • The mask dir\ will include all paths to files in folders named "dir", but not in the subfolders of those folders.
  • The mask dir\*.exe will include all paths to files with the EXE extension in folders named "dir", but not in the subfolders of those folders.
  • The mask dir\test will include all paths to files named "test" in folders named "dir", but not in the subfolders of those folders.

Page top