Creating an exclusion for protection of shared folders against external encryption

Support

Support for business applications

Kaspersky Endpoint Security 11 for Windows

Computer protection

Behavior Detection

Protection of shared folders against external encryption

Creating an exclusion for protection of shared folders against external encryption

April 25, 2024

ID 234668

Get as PDF

Excluding a folder can reduce the amount of false positives if your organization uses data encryption when exchanging files using shared folders. For example, Behavior Detection can raise false positives when the user works with files with the ENC extension in a shared folder. Such activity matches a behavioral pattern that is typical for external encryption. If you have encrypted files in a shared folder to protect data, add that folder to exclusions.

How to create an exclusion for protection of shared folders using the Administration Console (MMC)

Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Policies tab.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select General settings → Exclusions.
In the Scan exclusions and trusted applications block, click the Settings button.
In the window that opens, select the Scan exclusions tab.
This opens a window containing a list of exclusions.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy.
Click Add.
In the Properties block, select the File or folder check box.
Click the select file or folder link in the Scan exclusion description (click underlined items to edit them) block to open the Name of file or folder window.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Click the any link in the Scan exclusion description (click underlined items to edit them) block to activate the select components link.
Click the select components link to open the Protection components window.
Select the check box next to the Behavior Detection component.
Save your changes.

How to create an exclusion for protection of shared folders using the Web Console and Cloud Console

In the main window of the Web Console, select Devices → Policies & Profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to General settings → Exclusions.
In the Scan exclusions and trusted applications block, click the Scan exclusions link.
Select the Merge values when inheriting check box if you want to create a consolidated list of exclusions for all computers in the company. The lists of exclusions in the parent and child policies will be merged. The lists will be merged provided that merging values when inheriting is enabled. Exclusions from the parent policy are displayed in child policies in a read-only view. Changing or deleting exclusions of the parent policy is not possible.
Select the Allow use of local exclusions check box if you want to enable the user to create a local list of exclusions. This way, a user can create their own local list of exclusions in addition to the general list of exclusions generated in the policy. An administrator can use Kaspersky Security Center to view, add, edit, or delete list items in the computer properties.
If the check box is cleared, the user can access only the general list of exclusions generated in the policy.
Click the Add button.
Select how you want to add the exclusion File or folder.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
In the Protection components block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.

How to create an exclusion for protection of shared folders in the application interface

In the main application window, click the button.
In the application settings window, select General settings → Threats and Exclusions.
In the Exclusions block, click the Manage exclusions link.
Click Add.
Click Browse and select the shared folder.
You can also enter the path manually. Kaspersky Endpoint Security supports the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
In the Protection components block, select the Behavior Detection component.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can use the toggle to stop an exclusion at any time.
Save your changes.

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.