How To Exclude A File/Folder From Being Scanned

Written by Omer Kushmirski
Updated over 2 weeks ago

As of June 2024, users can manually exclude specific files and folders from Agent scanning and mitigation.


This capability allows organizations to bypass automated responses and recommendations for scenarios such as false positives, penetration testing, or advanced troubleshooting - giving teams greater control and flexibility in how security policies are applied.

Users can configure exclusions in the Agent using two methods:

  • Exclude a Specific File - With this option, the user must add the specific file path and hash for reference. The Agent will then ignore this file.

  • Exclude a Folder/Path - With this option, the user sets a path, and everything inside it is excluded from being scanned.

Set Up

To configure exclusions, users must access the Agent Policy Configuration panel.

  1. Open the Policy menu.

  2. Select the Event Response submenu.

  3. Scroll down to the Agent Policy section.

Reminder: Agent policy rules consist of three key parameters: the Level, which defines the scope (global, group, or specific endpoint); the Event, which triggers the rule; and the Action, which determines the Agent’s response.

Configure File/Path Exclusion

To configure an exclusion rule, the user needs to access the Agent Policy Section as mentioned above and add a new rule.


To add a new rule: Click on "Add" next to the Agent Policy title.

Inside the Rule Creation pop-up, the user will need to set the scope where the rule should be applied, and then choose the relevant event - File/Folder Exclusion.

Configuring Exclusion Method

After selecting the File/Folder Exclusion event type, the Exclude action is applied by default.

Next, you can choose the exclusion mode, File or Folder - using the toggle provided.

Folder Exclusion

If Folder is selected, you'll need to define the folder path(s) to be excluded. Multiple folders can be added within a single rule.

To add a path:

  • Click the input field next to Folder Path List and enter the folder path.

  • To add multiple paths, separate them with a comma, then press Enter - each will be added to the same rule.

  • Click Save once done.

🎉 New - Wildcard Support Now Available!

You can now use wildcard characters when defining folder path exclusions in Agent policies. This allows you to match folders whose names may vary across endpoints - without creating multiple specific rules.

Wildcard Support

When adding a folder exclusion under Agent Policy Configuration:

  • Enter the folder path using wildcard characters in the input field under Folder Path List

  • The Agent will apply the exclusion to all matching paths, based on the wildcard pattern

| Available Wildcard Characters | Description | Example Path | Matches |
|---|---|---|---|
| * | Matches any number of characters (including none) | C:\Users\*\Downloads | C:\Users\alice\Downloads, C:\Users\john.doe\Downloads, etc. |
| ? | Matches exactly one character | C:\Data\build_?\temp | C:\Data\build_1\temp, C:\Data\build_A\temp (but not build_12) |

Wildcard Tips

  • Wildcards can be used anywhere in the path, including in folder names and subfolders.

  • Avoid using wildcards in the root directory (e.g., C:\*) unless you’re certain of the impact - it may lead to broad exclusions.

  • Paths are case-insensitive on Windows systems.
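
The following is an added example, not part of the original article or the product's own code: a small Python check that previews which folders a wildcard pattern would exclude before the rule is saved, and flags patterns with a wildcard at the root level. The inventory paths are constructed, all function names are illustrative, and because the article does not say whether a wildcard can span a backslash, that behaviour is exposed as the hypothetical `star_crosses_separator` switch.

```python
import re

def compile_exclusion(pattern, star_crosses_separator=False):
    """Compile a folder-exclusion pattern (* and ? only) into a regex.

    Assumption: unless star_crosses_separator is True, a wildcard stays
    inside one folder name; the article does not state which applies.
    """
    any_char = "." if star_crosses_separator else r"[^\\]"
    body = "".join(
        any_char + "*" if ch == "*" else any_char if ch == "?" else re.escape(ch)
        for ch in pattern.rstrip("\\")
    )
    # A folder exclusion covers everything inside the folder, so accept
    # the folder itself or any path below it. Windows paths: ignore case.
    return re.compile(body + r"(\\.*)?\Z", re.IGNORECASE | re.DOTALL)

def is_excluded(path, patterns, **kw):
    """True if any pattern would exclude this path."""
    return any(compile_exclusion(p, **kw).match(path) for p in patterns)

def wildcard_near_root(pattern):
    """Flag patterns like C:\\* whose first folder level contains a wildcard."""
    parts = pattern.split("\\")
    return len(parts) > 1 and any(c in parts[1] for c in "*?")

def audit(patterns, inventory, **kw):
    """Map each pattern to the inventory paths it would exclude."""
    return {p: [x for x in inventory if compile_exclusion(p, **kw).match(x)]
            for p in patterns}

# Constructed sample paths, not taken from any real endpoint.
INVENTORY = [
    r"C:\Users\alice\Downloads\setup.exe",
    r"c:\users\John.Doe\downloads",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Data\build_1\temp\obj.bin",
    r"C:\Data\build_12\temp\obj.bin",
]
PATTERNS = [r"C:\Users\*\Downloads", r"C:\Data\build_?\temp", r"C:\*"]

if __name__ == "__main__":
    for pattern, hits in audit(PATTERNS, INVENTORY).items():
        flag = "  [broad: wildcard at root level]" if wildcard_near_root(pattern) else ""
        print(f"{pattern}{flag}")
        for hit in hits:
            print(f"    excludes {hit}")
```

Running the audit a second time with `star_crosses_separator=True` and reviewing the wider of the two results gives the more cautious picture of what a pattern leaves unscanned.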

File Exclusion

  1. To exclude a file, follow the same process but choose the File option.

  2. You must specify the file path or add the file identifier (MD5 hash) of the specific file.

Additional Notes

  • To exclude multiple paths or hashes, add them within a single rule, not across separate rules - this helps avoid conflicts and misclassification.

  • Rule precedence follows this order: endpoint > group > global.
    A more specific rule (e.g., for a single user) will override broader ones.

  • If a file was mitigated before an exclusion policy was applied, it first needs to be released using the mitigation window. The file exclusion policy won't automatically release the file, even if the policy was applied.
