Exclude Files and File Paths from Scans

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

Settings vary for WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all three products. If you do not see a setting in the web UI, it is not supported by your product.

In the General settings of a workstations and servers settings profile, you can exclude files and paths from scans. WatchGuard Endpoint Security does not block, delete, or disinfect excluded items when it scans for malware.

Exclusions disable antivirus and advanced protection for the specified files and file paths. We recommend that you only exclude files and paths to resolve performance problems.

WatchGuard Endpoint Security blocks programs it does not know until they are scanned and classified as safe. To run a unclassified program, such as a niche program with few users, you do not need to add an exception. To unblock an unclassified program, add it to the Authorized Software list. For more information, see Configure Authorized Software Settings (Windows computers).

To configure scan exclusions:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Workstations and Servers.
  3. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the page, click Add to create a new profile.
    The Add Settings or Edit Settings page opens.
  4. Enter a Name and Description for the profile, if required.
  5. Select General.

Screen shot of WatchGuard Endpoint Security, Edit settings

  1. To exclude all files with specific extensions, in the Files and Paths Excluded from Scans section, in the Extensions text box, type file extensions, separated by commas.
    For example, exe, com.
  2. To exclude specific files, in the Files text box, type the file names and paths to exclude, separated by commas.
    For example, C:\windows\system32\filename.dll. You can include question mark and asterisk wildcards.
  3. To exclude all files and folders in a specific location, in the Folders text box, type a folder path.
    For example, C:\windows\system32 , \\\test, and %ProgramFiles%\Test.
  4. To exclude email attachments with specific file extensions, in the Extensions text box, type the file extensions for an attachment, separated by commas.
    For example, exe.
  5. Click Save.
  6. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

See Also

Create Exclusions in WatchGuard Endpoint Security

Manage Settings Profiles

Copy a Settings Profile

Edit a Settings Profile

Assign a Settings Profile

Workstation and Server Security Settings