Editing the protection scope

The protection scope is a list of paths to shared folders in which Kaspersky Endpoint Security monitors file activity. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask. By default, the application automatically identifies shared folders and monitors file activity in all folders.

Excluding a folder from the protection scope can reduce the amount of false positives if your organization uses data encryption when exchanging files using shared folders. For example, Behavior Detection can raise false positives when the user works with files with the ENC extension in a shared folder. Such activity matches a behavioral pattern that is typical for external encryption. If you have encrypted files in a shared folder to protect data, add that folder to exclusions.

You can also exclude computers from which external encryption attempts must not be handled.

How to edit a protection scope in the Administration Console (MMC)

How to edit a protection scope in the Web Console and Cloud Console

How to edit a protection scope in the application interface

In the main application window, click the button.
In the application settings window, select General settings → Exclusions and types of detected objects.
In the Exclusions block, click the Manage exclusions link.
Click Add.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the ?:\Users\*\Folder\ mask.
In the Protection components block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.

In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to the Trusted Zone section.
In the window that opens, click the Malware Scan exclusions link.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy. Also, if this check box is cleared, Kaspersky Endpoint Security hides the consolidated list of scan exclusions in the user interface of the application.
Click Add and select an action:
- Category. You can group scan exclusions into separate categories. To create a new category, enter the name of the category and add at least one scan exclusion to the category.
- New exclusion. Kaspersky Endpoint Security adds a new scan exclusion to the root of the list.
- Select exclusion from list. To quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager, the application includes predefined scan exclusions. Also predefined scan exclusions have been added to support application set-up in Citrix and VMware virtual environments. You must select predefined scan exclusions depending on the purpose of the protected server.
Select how you want to add the exclusion Path to the file or folder.
Enter the path to the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
In the Apply exclusion to block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Add to exclusions status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.

In the Kaspersky Security Center Administration Console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select General settings → Exclusions and object types.
In the Scan exclusions and trusted applications → Scan exclusions block, click the Settings button.
This opens a window containing a list of exclusions.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy. Also, if this check box is cleared, Kaspersky Endpoint Security hides the consolidated list of scan exclusions in the user interface of the application.
Click Add and select an action:
- Category. You can group scan exclusions into separate categories. To create a new category, enter the name of the category and add at least one scan exclusion to the category.
- New exclusion. Kaspersky Endpoint Security adds a new scan exclusion to the root of the list.
- Select exclusion from list. To quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager, the application includes predefined scan exclusions. Also predefined scan exclusions have been added to support application set-up in Citrix and VMware virtual environments. You must select predefined scan exclusions depending on the purpose of the protected server.
Click Add.
In the Properties block, select the File or folder check box.
Click the Select file or folder link in the Scan exclusion description (click underlined items to edit them) block to open the Name of file or folder window.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the ?:\Users\*\Folder\ mask.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Click the link in the Scan exclusion description (click underlined items to edit them) block to open the Protection components window.
Select the check box next to the Behavior Detection component.
Save your changes.

Page top