Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  •
  • Menu

Best Practices for Exclusions

06/19/2020 17 People found this article helpful 88,858 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    When you make a path exclusion, we highly recommend that you add the exclusion to the smallest relevant scope of endpoints - a specific group. For example, do not add exclusions to the default policy of the default group. Create a group of endpoints that use the application to exclude.

    Resolution

    These rules apply to path (file and folder) exclusions for all versions:

    • You cannot put more than one exclusion path in one exclusion. AND, OR are not supported in exclusions. 

    • If you can exclude a hash, it is safest. Be aware that it will exclude only the specific version of a process and not all processes of this name.
    • If you can exclude specific files rather than a path, that is safer. If an exploit inserts malware to an excluded path, we cannot protect the endpoints.
    • The exclusion modes show from the highest level of security to the least secure. Use the most secure exclusion mode that resolves your issue.

    • Environment variables are not supported. For example: Change: %appdata% To: C:\Users\Bob\AppData\Roaming\

      Or use the * wildcard to match all users: C:\Users\*\AppData\Roaming\

    • Regular expressions are not supported.

    • For Interoperability and Performance Focus exclusions (formerly Do not Monitor or Do not Inject): For processes that cannot be restarted, such as System processes or Anti-virus processes, you must reboot endpoints to apply or remove an exclusion. For processes that can be restarted, such as a browser, you can restart the process to apply or remove an exclusion. Best Practice: We recommend that you restart all affected endpoints to apply or remove an Interoperability or Performance Focus exclusion.

    • If you make an exclusion for an AppStacked application or snapvolume, use the folder SVROOT for the mount. For example:  Change: C:\Program Files (x86)\Click\check.exe To:  *\SVROOT\Program Files (x86)\Click\check.exe to exclude C:\snapvolumes\{GUID}\SVROOT\Program Files (x86)\Click\check.exe

    • Exclusions for Windows and macOS are NOT case sensitive. Exclusions for Linux are case sensitive.

    Exclusion rules for Windows:

    • The path can start with the drive letter. If the drive is not included, the exclusion applies to all drives. For example:

    • C:\calc.exe excludes CALC on the root of the C drive.

    • calc.exe excludes CALC on all directories and drives.

    • If you select Include Subfolders, the path must end with a backslash (\).

    • DO NOT USE a wildcard as the drive directory ( *: or ?: ).

      For example, do NOT use *:\Program Files or ?:\Program Files in an exclusion path. Instead, use *\Program Files to exclude Program Files on all drives.

      You CAN use the wildcard * to refer to any character or characters, or the metacharacter ? to refer to one character that is NOT a drive letter.

      • Examples with wildcard * to refer to any character or characters: 

        C:\c*c.exe excludes files that start with “c” and end with “c.exe” on all directories and drives. This includes CALC.EXE, CAMC.EXE, CHARLIE.DOC.EXE

        Example to exclude the Archives folder in a nested directory:  C:\*\Archives\ 

        Example to exclude Go2Meeting for all users: C:\Users\*\AppData\Local\GoToMeeting\*\g2mlauncher.exe

      • Example with metacharacter ? to refer to one character:

        You CAN use:  C:\test?\  to exclude C:\test1\ and C:\testf\.

        Example to exclude a temp directory in all drives: harddiskvolume?\temp\

        DO NOT USE ? as the drive letter. For example, do NOT use ?:\test1\ in an exclusion path.

    Exclusion rules for Linux and macOS:

    • The path must be absolute: start with a forward slash ( / - ASCII char 47).

    • The path must not have a space in the start or end.

    • If you select Include Subfolders, the path must end with a forward slash.

    • Linux - Wildcards are not supported in Linux Agent versions 2.6 and earlier. They are supported in 3.0 and later, in the same manner as with the Windows Agent.

    • macOS - The * wildcard is supported in path exclusions.

      For example:

      • /Users/*/Applications/<NAME>.app/ excludes all users and app subfolders

      • /Users/?*/Desktop/<NAME>.app/  excludes all users and app subfolders and their subfolders

      • /Users/<USER>/Desktop/<NAME>.app/*  excludes all files in this path.

    Related Articles

    • How to configure Web Content Filtering on Capture Client 3.6
    • How to export logs from the Capture client console and the endpoint
    • How to Download and Install Capture Client

    Categories

    • Endpoint Security > Capture Client > Network

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top
    Trace:4ee82ce2006b54d95245027ae7978e4a-89