The protection scope is a list of paths to shared folders in which Kaspersky Endpoint Security monitors file activity. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask. By default, the application automatically identifies shared folders and monitors file activity in all folders.
Excluding a folder from the protection scope can reduce the number of false positives if your organization uses data encryption when exchanging files using shared folders. For example, Behavior Detection can raise false positives when the user works with files with the ENC extension in a shared folder. Such activity matches a behavioral pattern that is typical for external encryption. If you have encrypted files in a shared folder to protect data, add that folder to exclusions.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Advanced Threat Protection → Behavior Detection.
In the Protection scope block, click the Shared folders button.
In the window that opens, select the Only specified shared folders mode.
In the list of folders, click Add.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, define protection scope exclusions:
In the Exclusions block, click the By mask button.
In the window that opens, click the Add button.
In the displayed window, specify a file extension in the *.<file extension> format or a folder path. Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
The application does not support some exclusion file extensions. Thus, you can specify an exclusion as *.docx or **\Folder\**.
You can exclude an object from scans without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Advanced Threat Protection → Behavior Detection.
In the Protection scope block, click the Shared folders link.
In the window that opens, select the Only specified shared folders mode.
In the list of folders, click Add.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, define protection scope exclusions:
In the Exclusions block, click the Exclusions by mask link.
In the window that opens, click the Add button.
In the displayed window, specify a file extension in the *.<file extension> format or a folder path. Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
The application does not support some exclusion file extensions. Thus, you can specify an exclusion as *.docx or **\Folder\**.
You can exclude an object from scans without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.
In the application settings window, select General settings → Exclusions and types of detected objects.
In the Exclusions block, click the Manage exclusions link.
Click Add.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the ?:\Users\*\Folder\ mask.
In the Protection components block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to General settings → Exclusions and types of detected objects.
In the Scan exclusions and trusted applications block, click the Scan exclusions link.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy. Also, if this check box is cleared, Kaspersky Endpoint Security hides the consolidated list of scan exclusions in the user interface of the application.
Click Add and select an action:
Category. You can group scan exclusions into separate categories. To create a new category, enter the name of the category and add at least one scan exclusion to the category.
New exclusion. Kaspersky Endpoint Security adds a new scan exclusion to the root of the list.
Select exclusion from list. To quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager, the application includes predefined scan exclusions. Predefined scan exclusions have also been added to support application set-up in Citrix and VMware virtual environments. You must select predefined scan exclusions depending on the purpose of the protected server.
Click Add.
Select how you want to add the exclusion: File or folder.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
In the Protection components block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select General settings → Exclusions and object types.
In the Scan exclusions and trusted applications → Scan exclusions block, click the Settings button.
This opens a window containing a list of exclusions.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy. Also, if this check box is cleared, Kaspersky Endpoint Security hides the consolidated list of scan exclusions in the user interface of the application.
Click Add and select an action:
Category. You can group scan exclusions into separate categories. To create a new category, enter the name of the category and add at least one scan exclusion to the category.
New exclusion. Kaspersky Endpoint Security adds a new scan exclusion to the root of the list.
Select exclusion from list. To quickly configure Kaspersky Endpoint Security on SQL servers, Microsoft Exchange servers, and System Center Configuration Manager, the application includes predefined scan exclusions. Predefined scan exclusions have also been added to support application set-up in Citrix and VMware virtual environments. You must select predefined scan exclusions depending on the purpose of the protected server.
Click Add.
In the Properties block, select the File or folder check box.
Click the Select file or folder link in the Scan exclusion description (click underlined items to edit them) block to open the Name of file or folder window.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the ?:\Users\*\Folder\ mask.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Click the link in the Scan exclusion description (click underlined items to edit them) block to open the Protection components window.
Select the check box next to the Behavior Detection component.
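The wildcard rules given in the scan exclusion procedures above (*, two consecutive *, and ?) determine exactly which files stop being monitored by Behavior Detection, so it helps to check a mask against a file inventory before deploying it. The following Python code is an added example, not Kaspersky code: it translates a mask into a regular expression and lists the paths the mask would cover. It assumes case-insensitive matching, that \ and / are interchangeable, that * may match an empty string, and that a mask ending in a delimiter covers everything under that folder; it does not model the mask validity rules.

```python
import re

NOT_SEP = r"[^\\/]"            # any character that is not a path delimiter
TOKENS = {
    "**": ".*",                # ** : any characters, delimiters included
    "*": NOT_SEP + "*",        # *  : any characters except \ and / (may be empty: assumption)
    "?": NOT_SEP,              # ?  : exactly one non-delimiter character
    "\\": r"[\\/]",            # assumption: \ and / are interchangeable
    "/": r"[\\/]",
}


def mask_to_regex(mask):
    """Compile an exclusion mask into a regex using the page's wildcard rules."""
    parts = re.split(r"(\*\*|\*|\?|[\\/])", mask)
    body = "".join(TOKENS.get(p, re.escape(p)) for p in parts)
    # Assumption: a mask ending in a delimiter names a folder and covers
    # everything beneath it.
    if mask.endswith(("\\", "/")):
        body += ".*"
    # Assumption: matching is case-insensitive, as Windows paths are.
    return re.compile(body, re.IGNORECASE | re.DOTALL)


def covered_paths(mask, paths):
    """Return the paths that the mask would exclude from monitoring."""
    rx = mask_to_regex(mask)
    return [p for p in paths if rx.fullmatch(p)]


# Constructed sample inventory of files on a file server.
SAMPLE_PATHS = [
    r"C:\notes.txt",
    r"C:\Folder\abc.txt",
    r"C:\Folder\abcd.txt",
    r"C:\Folder\Sub\a.txt",
    r"C:\Folder\Sub\Deep\b.TXT",
    r"D:\Users\alice\Folder\report.enc",
    r"D:\Users\alice\Desktop\report.enc",
]

if __name__ == "__main__":
    # The four example masks from the page; a raw string cannot end in "\".
    for m in (r"C:\*\*.txt", r"C:\Folder\**\*.txt",
              r"C:\Folder\???.txt", r"?:\Users\*\Folder" + "\\"):
        print(m, "->", covered_paths(m, SAMPLE_PATHS))
```

Running the same function over a real directory listing shows how many files an exclusion removes from monitoring, which is a useful review step before setting the exclusion to Active.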
In the application settings window, select Advanced Threat Protection → Behavior Detection.
[Figure: Behavior Detection settings]
In the Protection scope block, click the Shared folders link.
In the window that opens, select the Only specified shared folders mode.
In the list of folders, click Add.
This opens a window; in that window, enter the path to the shared folder that you want to include in the protection scope (for example, C:\Share).
To add a shared folder to the protection scope, use a local path.
Click OK.
If necessary, define protection scope exclusions:
In the Exclusions block, click the Exclusions by mask link.
In the window that opens, click the Add button.
In the displayed window, specify a file extension in the *.<file extension> format or a folder path. Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
The application does not support some exclusion file extensions. Thus, you can specify an exclusion as *.docx or **\Folder\**.
You can exclude an object from scans without removing it from the list of objects in the protection scope. To do so, clear the check box next to the object.