Exclude process memory from scans
You can exclude process memory from scans. The application does not scan the memory of the specified processes.
Configuring exclusions in the Web Console
In the Web Console, you can configure excluding process memory from scans in the policy properties (Application settings → General settings → Application settings).
Clicking Configure exclusion of process memory from scans under Exclude process memory from scans opens the Exclude process memory from scans window, where you can create a list of exclusions.
The list in the Exclude process memory from scans window contains the paths to processes that the application excludes from process memory scanning. You can use masks to specify the path. By default, the list is empty.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).
The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.
You can use a single ? character to represent any one character in the file or directory name.
You can add, edit, and delete items in the list.
Clicking the Delete button causes Kaspersky Endpoint Security to remove the selected process path from the list.
This button is available if at least one process path is selected in the list.
The Edit button a window where you can change the process path. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
The Add button opens a window where you can enter the full path to a process. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
You can also import the list of exclusions from a file by clicking Import and export the list of exclusions to a file in JSON format by clicking Export. When importing, you will be prompted to replace the list of exclusions or add the exclusions to the existing list.
You can enable the merging of the list of exclusions when inherited by child policies. To merge the list items, select the Merge inherited values check box in the Exclude process memory from scans window. If the check box is selected, items in the list of the parent policy are displayed in child policies, and items can be added to the list of the child policy. If the check box is cleared, the list items are not merged when inheriting policy settings. This check box is cleared by default.
Configuring exclusions in the Administration Console
In the Administration Console, you can configure excluding process memory from scans in the policy properties (General settings → Excluding process memory).
Clicking Configure under Exclude process memory from scans opens a window where you can create a list of exclusions.
The list in the Exclude process memory from scans window contains the paths to processes that the application excludes from process memory scanning. You can use masks to specify the path. By default, the list is empty.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).
The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.
You can use a single ? character to represent any one character in the file or directory name.
You can add, edit, and delete items in the list.
Clicking the Delete button causes Kaspersky Endpoint Security to remove the selected process path from the list.
This button is available if at least one process path is selected in the list.
The Edit button a window where you can change the process path. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
The Add button opens a window where you can enter the full path to a process. Kaspersky Endpoint Security excludes the memory of the indicated process from scans.
You can enable the merging of the list of exclusions when inherited by child policies. To merge the list items, select the Merge inherited values check box in the Exclude process memory from scans window. If the check box is selected, items in the list of the parent policy are displayed in child policies, and items can be added to the list of the child policy. If the check box is cleared, the list items are not merged when inheriting policy settings. This check box is cleared by default.
Configuring exclusions on the command line
You can configure excluding process memory from scans in the command line using the MemScanExcludedProgramPath.item_# option in the general application settings.
You can edit the option via command line switches or a configuration file that contains all general application settings.
MemScanExcludedProgramPath.item_# contains the full path to the process in the local directory. You can use masks to specify the path.
You can use the * (asterisk) character to create a file or directory name mask.
You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.
You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.
The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.
You can use a single ? character to represent any one character in the file or directory name.
You can specify several processes to exclude from scanning.
Page top