This site is for AVG Business products only. For articles on Avast Business products, see Avast Business Help. If you are in the right place but cannot find what you are looking for, please contact AVG Business Support for further assistance.

Configuring Antivirus Exclusions

This Article Applies to:

  • AVG Business On-Premise Console

 

Through your On-Premise Console policies, you can exclude specified files, folders, or websites from being scanned by Antivirus if needed. Configuring standard and component-specific exclusions can speed up scans and prevent false-positive detections.

Exclusions are limited to approximately 8000 characters across both standard (All Scans and Shields) and component-specific (File Shield, Web Shield, etc) exclusions. Therefore, we recommend minimizing exclusions where possible to prevent any security flaws and/or impact on system performance.

Wildcards can be used when configuring exclusions. Note, however, that Behavior Shield and Web Shield have certain limitations when it comes to the use of wildcards. For more info, see respective sections below.

Configuring Standard Exclusions

You can configure exclusions (called exceptions in the local UI) that will propagate across all of the various Antivirus shields and components in the Antivirus Settings tab of your console, within a selected policy.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes.

 

To add a standard exclusion, i.e. an exclusion that will apply to all scans and shields:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select Windows Workstation or Windows Server
  4. Go to the Antivirus settings tab
  5. In the Exclusions section, enter the desired exclusion, ensuring the correct tab is selected:
    • File paths: Exclude specified file paths from virus scans and shield protection
    • URL addresses: Exclude specified URLs from virus scans and shield protection
    • DeepScreen: Exclude specified executable files from DeepScreen checks
    • Hardened mode: Exclude specified executable files from Hardened Mode checks
  6. Click Add next to your entry

All added exclusions will be displayed here and can be edited or deleted if needed.

Configuring Component-Specific Exclusions

Many of the customizable Antivirus components have a dedicated tab for configuring exclusions that will only affect that particular component. The process of creating specific exclusions is similar for most shields and components.

File Shield Exclusions

Any exclusions specified here will not be scanned by File Shield during a device scan. This can be used to speed up your scan for locations you know are safe or to prevent false positives.

To add an exclusion to the File Shield scans:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select the OS
  4. Go to the Active Protection tab
  5. Click the Customize link next to File Shield
  1. Select the Exclusions tab
  2. In the Enter path field, specify the file path you would like to exclude
  3. Use the checkboxes on the left to specify when the exclusion applies — when the file is Read, Written, and/or Executed
  4. Click Add next to your entry

All added exclusions will be displayed here and can be edited or deleted if needed.

Behavior Shield Exclusions

Any exclusions specified here will not be scanned by Behavior Shield when devices are running programs and processes. Network share is supported as long as you are using the absolute path to the folder/file.

Behavior Shield does not support inserting wildcards at the beginning or in the middle of a file path (for example, C:\users\*\application.exe). However, you can still use a wildcard at the end of the path (for instance, C:\users\username\*).

Behavior Shield exclusions apply to Windows workstations only.

 

To add an exclusion to the Behavior Shield scans:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select Windows Workstation
  4. Go to the Active Protection tab
  5. Click the Customize link next to Behavior Shield
  1. In the Exclusions section, enter the location you would like to exclude
  2. Click Add next to your entry

All added exclusions will be displayed here and can be edited or deleted if needed.

Web Shield Exclusions

Any exclusions specified here will not be scanned by Web Shield when devices are accessing the internet. This can be used to prevent false positives.

Web Shield's Process exclusions do not accept wildcard characters.

To add an exclusion to the Web Shield scans:

  1. Go to the Policies page
  2. Open the desired policy
  3. Select Windows Workstation or Windows Server
  4. Go to the Active Protection tab
  5. Click the Customize link next to Web Shield
  1. Select the Exclusions tab
  2. Do one of the following based on the type of exclusion you would like to create:
    • For URLs, ensure the Enable checkbox is ticked, then enter the URL you would like to exclude in the URL address field
    • For MIME-types, ensure the Enable checkbox is ticked, then enter the MIME-type you would like to exclude in the MIME-type field
    • For processes, ensure the Enable checkbox is ticked, then enter the process path in the Path to process field (these do not accept wildcards)
  3. Click Add next to your entry

All added exclusions will be displayed here and can be edited or deleted if needed.

 

Related Articles:

Logging Blocked Packets to Create Exclusions

Configuring Files and Programs Scanned by Antivirus

Wildcards