Exclusions

Some exclusions and exclusion paths work differently in ESET File Security for Linux version 7.0 and 7.1+.

File extension exclusions

This type of exclusion can be set up for Real-time file system protection and On-demand scans.

1. In the Web interface, click Setup > Detection Engine.

2. Click:

Real-time file system protection > ThreatSense parameters to modify exclusions related to Real-time file system protection

Malware scans > On-demand scan > ThreatSense parameters to modify exclusions related to On-demand scan (custom scan)

3. Next to File extensions excluded from scanning, click Edit.

4. Click Add and type the extension to exclude. To define several extensions at once, click Enter multiple values, and type the applicable extensions separated by a new line or other separator you selected.

5. Click OK, then click Save to close the dialog.

6. Click Save to save the changes.


Exclusions in ESET File Security for Linux version 7.1+

Performance exclusions

By excluding paths (folders) from being scanned, the time needed to scan the file system for the presence of malware can be significantly decreased.

1. In the Web interface, click Setup > Detection Engine > Basic.

2. Next to Performance exclusions, click Edit.

3. Click Add and define the Path to be skipped by the scanner. Optionally add a comment for your information.

4. Click OK, then click Save to close the dialog.

5. Click Save to save the changes.

Detection exclusions

Detection exclusions allow you to exclude objects from cleaning (deletion or moving to quarantine) by filtering the detection name, object path or its hash.


How detection exclusions work

Detection exclusions do not exclude files and folders from scanning as Performance exclusions do. Detection exclusions exclude objects from being quarantined/deleted only when they are detected by the detection engine and an appropriate rule is present in the exclusion list.

See the sample rules in the image below. The rule in the first row will exclude an object that is detected as Eicar test file and is located at /home/demo/Download/some.file. The rule in the second row will exclude every detected object that has the corresponding SHA-1 hash, regardless of the detection name.

[Image: sample detection exclusion rules]

Detection exclusions object criteria

Path – Detection exclusion for a specified path (or any path if left empty).

Detection name – A detected object will be excluded only if it matches the defined detection name. If the file later becomes infected with other malware, its detection name will no longer match the one in the exclusion rule, so it will be detected as an infiltration and the proper action will be taken against it. This type of exclusion can only be used for certain types of detections. To add such detections to the exclusion list, navigate to Quarantine, right-click a quarantined file and select Restore and exclude. This option is displayed only for items the detection engine evaluated as eligible for exclusion.

Hash – Excludes a file based on a specified hash (SHA1), regardless of the file type, location, name or its extension.


Exclusion paths

For ESET File Security for Linux v7.2

/root/* - The "root" directory and all of its sub-directories and their content.

/root - The "root" file only.

/root/file.txt - The file.txt in the "root" directory only.

For ESET File Security for Linux v7.1

/root/* - The "root" directory and all of its sub-directories and their content.

/root - The "root" directory only.

/root/file.txt - The file.txt in the "root" directory only.

For ESET File Security for Linux v7.0

/root, /root/ - The "root" directory and all of its sub-directories and their content.

/root/file.txt - The file.txt in the "root" directory only.


Wildcards in the middle of a path

We highly recommend that you do not use wildcards in the middle of a path (for example /home/user/*/data/file.dat) unless your system infrastructure requires it. See the following Knowledgebase article for more information.

There are no restrictions to using wildcards in the middle of a path when using detection exclusions.
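
The version differences in the Exclusion paths list above can be modeled in Python to see which paths change status when an exclusion list written for one version is used on another. This is an added illustration, not ESET code; the function names and sample paths are assumptions, and only the entry forms listed on this page are modeled, so anything else (including wildcards in the middle of a path) is flagged for manual review.

```python
# Model of the "Exclusion paths" list on this page (illustration, not ESET code).
VERSIONS = ("7.0", "7.1", "7.2")

def parse(entry, version):
    """Return (base, recursive) for `entry` as the page describes it for `version`."""
    if version not in VERSIONS:
        raise ValueError(f"version not covered by the page: {version}")
    tree = entry.endswith("/*")
    base = entry[:-2] if tree else entry
    if "*" in base:
        raise ValueError("wildcard inside the path; the page gives no matching rule")
    if version == "7.0":
        if tree:
            raise ValueError("the page lists no '/*' form for v7.0")
        return base.rstrip("/"), True   # '/root' and '/root/': the whole tree
    if base.endswith("/"):
        raise ValueError("the page lists no trailing-slash form for v7.1+")
    # '/root/*': tree; '/root': that object only (directory in 7.1, file in 7.2)
    return base, tree

def covers(entry, version, path):
    """True if `path` is skipped by exclusion `entry` under `version`."""
    base, recursive = parse(entry, version)
    return path == base or (recursive and path.startswith(base + "/"))

def migration_diff(entries, old, new, probes):
    """Map each entry to the probe paths whose excluded status changes."""
    report = {}
    for entry in entries:
        try:
            changed = [p for p in probes
                       if covers(entry, old, p) != covers(entry, new, p)]
        except ValueError as err:
            report[entry] = f"review manually: {err}"
            continue
        if changed:
            report[entry] = changed
    return report

# Constructed sample data: an exclusion list written for v7.0 and probe paths.
ENTRIES = ["/root", "/root/file.txt", "/home/user/*/data/file.dat"]
PROBES = ["/root/file.txt", "/root/sub/a.bin", "/rootfs/x"]

if __name__ == "__main__":
    for entry, result in migration_diff(ENTRIES, "7.0", "7.2", PROBES).items():
        print(entry, "->", result)
```

Entries reported with a list of paths are the ones to rewrite (for example as /root/*) or to drop after an upgrade, since every excluded path is a location the scanner no longer inspects.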


Exclusions in ESET File Security for Linux version 7.0

File and folder exclusion

This type of exclusion lets you exclude selected files from being scanned for the presence of malicious software.

1. In the Web interface, click Setup > Detection Engine > Basic.

2. Next to Exclusions, click Edit.

3. Click Add and select the exclusion type:

Exclude path - Define the path to be excluded from the scan.

Exclude hash - Define the hash of the file to be excluded.

Exclude detection - Define the exact name of the threat (detection) to be ignored during scan, and optionally define a path mask.

4. Define a single entity (for example, path, hash, or threat).

5. Click OK, then click Save to close the dialog.

6. Click Save to save the changes.