This document covers AV Defender exclusions. Files that AV Defender deems to be potentially infected are put into quarantine. This means they are intercepted and stored in a safe location until you can examine them to determine whether they are safe to enter the network.
You can delete or restore messages or files that have been isolated due to the detection of malware.
1. Click Configuration > Security Manager > Quarantine Management.
2. To filter the list of quarantined files, click Show Filter on the right-hand side of the window.
3. Select the check box next to the file that you want to manage.
- Click Delete to permanently remove the quarantined file from the system.
- Click Restore to return the quarantined file to the original location without modification. If a file with the same filename currently exists in the original location, it will be overwritten.
To exclude a file, process, network share, or URL, follow the steps below.
1. From the tabs on the left-hand side, expand Configuration, then Security Manager, then Global Exclusions.
2. The new window is where you create the needed exclusion. To exclude a process such as Chrome, you need the full file path of the software. For example, to exclude C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe, the type would be “Process”.
3. To exclude a file or folder, follow step 2 but change the tab to File/Folder. The file extension (as in example.exe) does not have to be included.
a. To exclude the SharePoint folders, enter %program files%\Microsoft\SharePoint and select Folder. This will exclude all files and folders under that directory.
b. To exclude a file, follow the same steps as above. The difference with a file exclusion is that the other folders under the main folder are left out. For example, to exclude a PDF file and not JPEGs, exclude the location of the file (C:\users\user1\downloads\PDF\pdf1).
c. After a file, folder, or program has been excluded, it can be restored by doing the following.
i. Click on Quarantine Management under Configuration, Security Manager.
ii. This will show you all of the blocked programs and files/folders.
iii. The file location must match for the exclusion to work; if it does not, the restore will fail.
iv. Select the needed file, and click Restore.
v. If the restore is successful, the file is removed from the Quarantine Management dashboard.
4. To exclude a network share or a URL, click on the network scan tab.
a. This allows us to add an exclusion for a URL, for example http://google.com or https://google.com. The http or https prefix must be included; without it, the exclusion will not work. We can also use http* (http*://google.com) to allow the site.
b. If a website has other content on it as a link that is not showing up and needs to be, we can add a wildcard to the exclusion, for example http://google.com*
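
A pre-check for planned exclusion entries against the rules in the steps above, as an added example that is not part of the original document or of the product. `lint_exclusion` and `covers` are hypothetical helpers, and the path comparison in `covers` (case-insensitive, extension optional for File entries) is an assumption about how the console matches locations.

```python
import re
from pathlib import PureWindowsPath

# Prefixes the steps above accept for URL exclusions: http://, https://, http*://
URL_PREFIX = re.compile(r"^http(s|\*)?://", re.IGNORECASE)

def lint_exclusion(kind, value):
    """Return a list of notes for one planned entry; an empty list means no findings."""
    notes = []
    if kind == "Process":
        p = PureWindowsPath(value)
        if not (p.drive and p.root):  # e.g. "chrome.exe" instead of C:\...\Chrome.exe
            notes.append("process exclusions need the full file path")
    elif kind == "URL":
        if not URL_PREFIX.match(value):
            notes.append("URL must start with http://, https:// or http*://")
        if value.endswith("*"):
            notes.append("trailing * also covers content linked under this URL")
    elif kind == "Folder":
        notes.append("excludes every file and folder under this directory")
    elif kind != "File":
        notes.append("unknown exclusion type")
    return notes

def covers(kind, excluded, quarantined):
    """Assumed matching: does a File/Folder exclusion match a quarantined file's location?

    Useful before a restore, which fails when the location does not match.
    """
    ex, q = PureWindowsPath(excluded), PureWindowsPath(quarantined)
    if kind == "Folder":
        return ex == q or ex in q.parents        # everything below the folder
    if kind == "File":
        return ex == q or ex == q.with_suffix("")  # extension may be omitted
    return False

if __name__ == "__main__":
    # Constructed list of planned entries, using the values from the steps above.
    planned = [
        ("Process", r"C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe"),
        ("Process", "chrome.exe"),
        ("URL", "google.com"),
        ("URL", "http://google.com*"),
        ("Folder", r"%program files%\Microsoft\SharePoint"),
    ]
    for kind, value in planned:
        print(kind, value, lint_exclusion(kind, value) or "ok")
```

Folder entries and trailing-wildcard URLs are reported so that each broad exclusion is reviewed before it is entered under Global Exclusions.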