Create Exclusions in WatchGuard Endpoint Security

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

If you do not want WatchGuard Endpoint Security to scan specific files and folders, you create can exclusions.

Before You Begin

Before you apply any exclusions, make sure to follow these rules.

Folder exclusions:

  • Exclusions contain the full path
  • Exclusions do not contain mapped drives
  • Exclusions to network locations contain the full UNC path
  • User environment variables only supported for Advanced Protection exclusions
  • Wildcards (asterisks and question marks) are not supported

Examples of correct folder exclusions:

  • Windows




  • Linux



(exclusions also apply to subdirectories)

Examples of incorrect folder exclusions:

  • Windows

Z:\ (where z is a mapped drive)



  • Linux



File exclusions:

  • Exclusions contain the full path.
  • Exclusions do not contain mapped drives.
  • Exclusions to network locations contain the full UNC path.
  • Use of wildcards (asterisks and question marks):
    • For security reasons, we do not recommend their use.
    • Valid for Advanced Protection and Antivirus Protection exclusions.
    • Use one asterisk per file name and one question mark per character (Windows only).

Create Exclusions

This example excludes files for an individual Windows server. The procedure to exclude files for a workstation or a group of computers is the same. Right-click the appropriate container in the web UI.

To exclude elements from a scan:

  1. Access the Endpoint Security web UI.
  2. On the Settings tab, in the Workstations and servers section, select the profile.
  3. On the Edit Settings screen, select the General option.
  4. In the Exclusions section, enter exclusions such as:
    • Directories.
    • Files.
    • Extensions.
  5. After you enter all exclusions, save the changes.
    These changes will be applied in the next update of the signature file.

Screen shot of the Exclusions dialog box

To learn about which folders to exclude from antivirus scans in ASP.NET applications, see the Microsoft article, Folders to exclude from antivirus scanning in ASP.NET applications.