Create Exclusions in WatchGuard Endpoint Security

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

If you do not want WatchGuard Endpoint Security to scan specific files and folders, you create can exclusions.

Folder Exclusions

Before you apply any exclusions, make sure to follow these rules.

• Exclusions contain the full path and support subfolders and files within the specified path
• Exclusions do not contain mapped drives
• Exclusions to network locations contain the full UNC path
• User environment variables only supported for Advanced Protection exclusions
• Wildcards (asterisks and question marks) are not recommended
  • Valid only for Advanced Protection and Antivirus Protection exclusions
  • Use one asterisk per file name and one question mark per character (Windows only)

Examples of correct exclusions:

• Windows

C:\windows\system32

\\192.168.21.23\test

%ProgramFiles%\Test

• Linux

/var/log

/opt/

(exclusions also apply to subdirectories)

Examples of incorrect folder exclusions:

• Windows

Z:\ (where z is a mapped drive)

C:\temp*\

C:\?indows

• Linux

/var/*

/?ar/

File Exclusions

Before you apply any exclusions, make sure to follow these rules.

• Exclusions contain the full path and support subfolders and files within the specified path, except for when using asterisks
• Exclusions do not contain mapped drives
• Exclusions to network locations support full UNC path
• Use of wildcards (asterisks and question marks):
  • Valid for Advanced Protection and Antivirus Protection exclusions
  • Use one asterisk per file name and one question mark per character (Windows only)
  • File paths with asterisks are not supported

Examples of correct file exclusions:

• file*.exe
• C:\data\filename.exe

Examples of incorrect file exclusions:

• C:/data/file*.exe

Create Exclusions

This example excludes files for an individual Windows server. The procedure to exclude files for a workstation or a group of computers is the same. Right-click the appropriate container in the management UI.

To exclude elements from a scan:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Settings.
3. Select Workstations and servers section and select the profile.
4. In the Edit Settings page, select General.
5. In the Exclusions section, enter exclusions such as:
   • Directories
   • Files
   • Extensions
6. After you enter all exclusions, save the changes.
   These changes will be applied in the next update of the signature file.

To learn about which folders to exclude from antivirus scans in ASP.NET applications, go to the Microsoft article, Folders to exclude from antivirus scanning in ASP.NET applications.

Exclusions in Third-Party Products

If you plan to use WatchGuard Endpoint Security with third-party antivirus software, you must add exclusions in both the third-party product and your WatchGuard Endpoint Security product to make sure that they do not overlap or create false detections.

You should exclude these directories in your antivirus detection software:

%programfiles%\Panda Security

%programfiles(x86)%\Panda Security

%allusersprofile%\Panda Security