Detection exclusions

Detection exclusions allow you to exclude objects from cleaning by filtering the detection name, object path or its hash.


How detection exclusions work

Detection exclusions do not exclude files and folders from scanning as Performance exclusions do. Detection exclusions exclude objects only when they are detected by the detection engine and an appropriate rule is present in the exclusion list.

For example (see the first row on the image below), when an object is detected as Win32/Adware.Optmedia and the detected file is C:\Recovery\file.exe. On the second row, each file, which has the appropriate SHA-1 hash, will always be excluded despite the detection name..


To ensure that all threats are detected, we recommend creating detection exclusions only when it is absolutely necessary.

To add files and folders to the exclusions list, Advanced setup (F5) > Detection engine > Exclusions > Detection exclusions > Edit.



Not to be confused with Performance exclusions, Excluded file extensions, HIPS exclusions or Processes exclusions.

To exclude an object (by its detection name or hash) from detection engine, click Add.

Detection exclusions object criteria

Path – Limit a detection exclusion for a specified path (or any).

Detection name – If there is a name of a detection next to an excluded file, it means that the file is only excluded for the given detection, not completely. If that file becomes infected later with other malware, it will be detected. This type of exclusion can only be used for certain types of infiltrations. The exclusion can be created either in the alert window reporting the infiltration (click Show advanced options and then select Exclude from detection), or by clicking Tools > More tools > Quarantine and then right-clicking the quarantined file and selecting Restore and exclude from scanning from the context menu.

Hash – Excludes a file based on a specified hash (SHA1), regardless of the file type, location, name or its extension.