About the Trusted Zone

The Trusted Zone is a list of exclusions from the protection or scan scope that you can generate and apply to On-Demand Scan and Real-Time File Protection tasks, Traffic Security, Script Monitoring, and RPC Network Storage Protection.

If you selected the Add Microsoft recommended files to exclusions list and Add Kaspersky recommended files to exclusions list check boxes when installing Kaspersky Security for Windows Server, Kaspersky Security for Windows Server adds files recommended by Microsoft and Kaspersky for Real-Time Server Protection tasks to the Trusted Zone.

You can create a Trusted Zone in Kaspersky Security for Windows Server according to the following rules:

You can apply the Trusted Zone in the Real-Time File Protection task, Network Threat Protection task, Traffic Security task, Script Monitoring task, RPC Network Storage Protection task, newly created custom On-Demand Scan tasks, and all system On-Demand Scan tasks, except for the Quarantine Scan task.

The Trusted Zone is applied in Real-Time File Protection and On-Demand Scan tasks by default.

The list of rules for generating the Trusted Zone can be exported to an XML configuration file in order to then import it into Kaspersky Security for Windows Server running on another protected device.

Trusted processes

Applies to the Real-Time File Protection and Traffic Security tasks.

Some applications on the protected device may be unstable if the files that they access are intercepted by Kaspersky Security for Windows Server. Such applications include, for example, system domain controller applications.

To avoid disrupting the operation of such applications, you can disable protection of files accessed by the running processes of these applications (thereby creating a list of trusted processes within the Trusted Zone).

Microsoft Corporation recommends excluding some Microsoft Windows operating system files and Microsoft application files from Real-Time File Protection as programs that cannot be infected. The names of some of these are listed on the Microsoft website (article code: KB822158).

You can enable or disable the use of trusted processes in the Trusted Zone.

If an executable file is modified, for example, through an update, Kaspersky Security for Windows Server will exclude it from the list of trusted processes.

The application does not use the file's path on a protected device to trust the process. The path to the file on the protected device is used only to search for the file, calculate a checksum, and provide the user with the information about the source of the executable file.

Backup operations

Applies to Real-Time Server Protection tasks.

When data stored on hard drives is backed up to external devices, you can disable protection of objects that are accessed during the backup operations. Kaspersky Security for Windows Server will scan objects which the backup application opens for reading with the FILE_FLAG_BACKUP_SEMANTICS attribute.


Applies to Real-Time File Protection, Traffic Security, RPC Network Storage Protection and On-Demand Scan tasks.

You can select tasks for which you want to use every exclusion added to the Trusted Zone. Also, you can exclude objects from scans in the security level settings of every single Kaspersky Security for Windows Server task.

You can add exclusions to the Trusted Zone by their location on the protected device, by name or name mask of the object detected, or by using both criteria.

Based on the exclusion, Kaspersky Security for Windows Server can skip objects while performing the specified tasks according to the following settings:

Page top