Create Exclusion

You can exclude selected item(s) from being detected in the future. You can exclude only icon_antivirusAntivirus detections.

warning

Warning

Use exclusions with caution - they may result in an infected computer.

In ECA, there are two exclusion categories:

1.Performance exclusions - Exclusions of files and folders defined by a path. You can create them via a Policy. See also performance exclusions format and examples.

2.Detection exclusions - Exclusions of files defined by detection name, detection name and its path, or by object hash (SHA-1). See also examples of detection exclusions by detection name.

ECA includes a icon_create_exclusion Create Exclusion wizard for management of detection exclusions. You can create a detection exclusion and apply it to more computers/group(s).

The More > Exclusions section contains all detection exclusions, increases their visibility and simplifies their management.

warning

Warning

In ECA, you cannot create detection exclusions via a Policy.

In case your policies contained detection exclusions previously, you can migrate exclusions from a Policy to the Exclusions list.

By default, detection exclusions replace the local existing exclusions list on the managed computers. To keep the existing local exclusions list, you need to apply the Policy setting Allow appending detection exclusions to locally defined list before applying detection exclusions:

cloud_allow_appending

Detections in archives

If one or more detections are found in an archive, the archive and each detection inside the archive are reported in Detections.

warning

Warning

Excluding the archive file that contains detections does not have any effect anymore. You need to exclude the individual detections inside the archive.

The excluded detections will not be detected anymore, even if they occur in another archive or unarchived.

Settings

You can exclude one or more detections based on the following Exclusion criteria:

Path & Detection - Exclude each file by its detection name and path, including file name (e.g. file:///C:/Users/user/AppData/Local/Temp/34e1824e/ggdsfdgfd.pdf.exe).

Exact files - Exclude each file by its SHA-1 hash.

Detection - Exclude each file by its detection name.

The recommended option is pre-selected based on the detection type.

Select the check box Resolve matching alerts to automatically resolve the alerts covered by the detection exclusion.

Optionally, you can add a Comment.

Target

warning

Warning

You can assign detection exclusions only to computers with a compatible ESET security product installed. Detection exclusions will not be applied to incompatible ESET security products and will be ignored on them.

A detection exclusion is by default applied to user's home group.

To change assignments, click Add Computers or Add Groups and select the target(s) where the detection exclusion will be applied, or select existing assignment(s) and click Remove Targets.

Preview

Allows you to see the overview of created detection exclusions. Make sure all exclusion settings are correct based on your preferences.

important

Important

After you create the detection exclusion, you cannot additionally edit it (you can only change assignment or delete exclusion).

Click Finish to create the detection exclusion.

You can see all the applied detection exclusions in group details and all the created detection exclusions in Exclusions.