Create Exclusion

You can exclude selected item(s) in Detections from being detected in the future. Click a detection and select icon_create_exclusion Create Exclusion. You can exclude only icon_antivirusAntivirus detections and icon_firewall Firewall detections - IDS rules. You can create an exclusion and apply it to more computers/group(s). The More > Exclusions section contains all created exclusions, increases their visibility and simplifies their management.

warning

Warning

Use exclusions with caution - they may result in an infected computer.

In ESET PROTECT, there are two icon_antivirusAntivirus exclusion categories:

1.Performance exclusions - Exclusions of files and folders defined by a path. You can create them via a Policy. Also see performance exclusions format and examples.

2.Detection exclusions - Exclusions of files defined by detection name, detection name and its path, or by object hash (SHA-1). Also see examples of detection exclusions by detection name.

warning

Detection exclusions limitations

In ESET PROTECT, you cannot create detection exclusions via a Policy.

If your policies previously contained detection exclusions, you can migrate exclusions from a Policy to the Exclusions list.

By default, detection exclusions replace the local existing exclusions list on the managed computers. To keep the existing local exclusions list, you need to apply the Allow appending detection exclusions to locally defined list Policy setting before applying detection exclusions:

allow_appending

Settings

You can exclude one or more detections based on the selected Exclusion criteria.

icon_antivirusAntivirus detections

Path & Detection - Exclude each file by its detection name and path, including file name (e.g. file:///C:/Users/user/AppData/Local/Temp/34e1824e/ggdsfdgfd.pdf.exe).

Exact files - Exclude each file by its SHA-1 hash.

Detection - Exclude each file by its detection name.

Detections in archives

If one or more detections are found in an archive, the archive and each detection inside the archive are reported in Detections.

warning

Warning

Excluding an archive file that contains a detection does not exclude the detection. You must exclude the individual detections inside the archive.

The excluded detections will not be detected anymore, even if they occur in another archive or are unarchived.

icon_firewall Firewall detections - IDS rules

Detection & context (recommended) - Exclude the firewall detection using a combination of the following criteria: by detection, application and IP address.

IP address - Exclude firewall detections by a remote IP address. Use this option if the network communication with a particular computer causes false positives.

Detection - Exclude the detection and ignore the false positive triggered from multiple remote computers.

Application - Exclude application from network detections. Allow the network communication for an application that causes IDS false positives.

 

The recommended option is pre-selected based on the detection type.

Select the Resolve matching alerts check box to automatically resolve the alerts covered by the exclusion.

Optionally, you can add a Comment.

Target

warning

Warning

You can assign exclusions (for icon_antivirusAntivirus detections and icon_firewall Firewall IDS rules) only to computers with a compatible ESET security product installed. Exclusions will not be applied to incompatible ESET security products and will be ignored on them.

An exclusion is by default applied to a user's home group.

To change assignments, click Add Computers or Add Groups and select the target(s) where the exclusion will be applied, or select an existing assignment(s) and click Remove Targets.

Preview

Allows you to see the overview of created exclusions. Make sure all exclusion settings are correct based on your preferences.

important

Important

After you create the exclusion, you cannot edit it. You can only change assignment or delete exclusion.

Click Finish to create the exclusion.

You can see all the created exclusions in More > Exclusions. To verify if a computer or a group has any applied exclusions, navigate to computer details > Configuration > Applied Exclusions or group details > Exclusions.