N-central Help

Global Exclusions

Exclusions can apply to on-access and on-demand scanning. Based on the object of the exclusion, there are a number of different types of exclusions.

For information on creating exclusions for scans, see Configure Global Exclusions.

Windows 10 offers an optional case-sensitive file system. How the Windows device is configured can affect how you enter the search criteria in the search field on the Global Exclusions page.

Process

This excludes the security scanning of the image in memory and the action of the process. These are the most common exclusions that you will use with AV Defender. They are typically used when troubleshooting application conflicts, performance issues, and application performance issues. You can also configure process exclusions for on-access scanning, Active Virus Control, and Intrusion Detection Systems.

If you exclude a process, its actions are also excluded, however the actions of its "children" are not. For example, if iexplore.exe is excluded and it runs virus.exe, AV Defender will not scan the virus.exe file when it runs. However, if virus.exe then attempts to execute killmypc.exe, AV Defender will scan it and catches it if it is malicious.

File/Folder

This excludes the file image from being scanned. You should only configure this in circumstances where the scanning itself is causing issues or if removal from the files can be damaging. Example exclusions include:

  • File: Only the specified file is excluded from security scanning.
  • Folder: All files in a specified folder and all of its subfolders are excluded from security scanning.
  • Extension: All files with the specified extension are excluded from security scanning.

Examples of using File/Folder exclusions include backup destination locations, database files and PST or OST files.

Network

This excludes all network-level filtering from security scanning including antivirus and anti-malware scanning of TCP traffic, content filtering by category, anti-phishing, and search advisors/browser toolbars. Use Network exclusions to troubleshoot issues with any network centered application including:

  • Being unable to access server applications.
  • Being unable to connect to network resources.
  • Being unable to connect to the Internet.
  • Web pages not functioning as expected.

Use scan exclusions in special circumstances or following Microsoft or Bitdefender recommendations. When configuring exclusions, note that SolarWinds N-central does not support the use of wildcard characters for excluding files and file types. If you have an EICAR test file that you use periodically to test anti-malware protection, exclude it from on-access scanning.

Best practice

For the best results, use the exclusion type that accomplishes specific goals:

  • Process: Used to resolve application conflicts, performance issues, and reduce impact on key business applications.
  • File/Folder - Used to avoid false positive errors or for heavy traffic folders, such as backup destinations.
  • Network: Used to exclude a web site from being scanned. Exclusions will apply to all modules.

To avoid false positives, exclude the following MSPA executables from the C:\ProgramData\GetSupportService_N-Central\Updates\ folder:

  • MSPA4NCentral-6.77.77-BUILD-20161219-B-20161221163111.exe
  • MSPA4NCentral-6.80.00-BUILD-20170120-C-20170130181221.exe
  • MSPA4NCentral-6.80.01-BUILD-20170131-20170131113836.exe
  • MSPA4NCentral-6.80.10-BUILD-20170405-20170410160818.exe
  • MSPA4NCentral-6.80.17-BUILD-20170801-20170810174900.exe
  • Update_20161213081614.exe
  • Update_20170321174328.exe
  • Update_20170525043038.exe
  • Update_20170621174604.exe
  • Update_20171117142950.exe
  • Update_20180302141746.exe
  • Update_20180730120602.exe

Also exclude the following folders and files

  • C:\Program Files (x86)\N-able Technologies\Reactive\bin\
  • C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableCommandPromptManager32.exe
  • C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableCommandPromptManager64.exe
  • C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe

If you are using MSPAnywhere/Take Control, add these exclusions:

  • C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\
  • C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe
  • C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcCnfg.exe

Pre-configured Exclusions

By default, AV Defender includes preconfigured exclusions following guidelines provided by SolarWinds N-central and Microsoft. These preconfigured exclusions are embedded in AV Defender and are not subject to user modification. Files are located in the associated N-able Technologies agent/probe folders on the device or server.

Windows agent exclusions

  • agent.exe
  • AgentMaint.exe
  • AgentMonitor.exe
  • AVDIU.exe
  • BASupTSHelper.exe
  • bitsadmin.exe
  • ESCleaner.exe
  • KillWTSMessageBox.exe
  • NAAgentImplServer.exe
  • NableAVDBridge.exe
  • NableAVDUSBridge.exe
  • NRMInstallHelper.exe
  • PIU.exe
  • Popup.exe
  • ProxyConfig.exe
  • RebootMessage.exe

Windows probe exclusions

  • AMTPowerManager.exe
  • NableUpdateDiagnose.exe
  • NableUpdateService.exe
  • RemoteService.exe
  • VmWareClient.exe
  • wsp.exe
  • WSPMaint.exe
  • WSPMonitor.exe

Other

  • NableAVDBridge.exe
  • NableAVDUSBridge.exe
  • ThirdPartyPatch.exe
  • BASupApp.exe

Backup Manager exclusions

Files are located in the associated Backup Manager folders on the device or server.

  • BackupIP.exe
  • BRMigrationTool.exe
  • ClientTool.exe
  • VdrAgent.exe
  • BackupUP.exe
  • ProcessController.exe
  • BackupFP.exe
  • xtrabackup.exe
  • vmware-mount.exe
  • mysql.exe
  • InstallDriver.exe
  • vddkReporter.exe
  • vmware-vdiskmanager.exe
  • BackupFP.exe
  • BackupUP.exe
  • BackupIP.exe
  • vmware-mount.exe
  • vmware-vdiskmanager.exe