Add a filename or file path to exclude from an Allow List policy

File exclusion settings describes the information that you must provide to exclude a file or path from an allow list policy.
File exclusion settings
Exclusion setting
Description
Prefix
The following prefixes are supported:
  • [NONE]
    No prefix is prepended.
  • [COMMON_APPDATA]
    The file system folder containing application data for all users.
    • C:\Documents and Settings\All Users\Application Data
      (Windows XP)
    • C:\ProgramData
      (Windows Vista+)
  • [COMMON_DESKTOPDIRECTORY]
    The file system folder that contains the files and folders that appear on the desktop for all users.
    • C:\Documents and Settings\All Users\Desktop
      (Windows XP)
    • C:\Users\Public\Desktop
      (Windows Vista+)
  • [COMMON_DOCUMENTS]
    The file system folder that contains the documents that are common to all users.
  • [COMMON_PROGRAMS]
    The file system folder that contains the folders for the common program groups that appear on the
    Start
    menu for users.
    • C:\Documents and Settings\All Users\Start Menu\Programs
      (Windows XP)
    • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
  • [COMMON_STARTUP]
      The file system folder that contains all the programs that appear in the Startup folder for all users:
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup
      (Windows XP)
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
      (Windows Vista+)
  • [PROGRAM_FILES]
    The
    Program Files
    folder, which includes:
    • C:\Program Files
    • C:\Program Files (x86)
  • [PROGRAM_FILES_COMMON]
    The folders for the components that are shared across applications:
    • C:\Program Files\Common Files
    • C:\Program Files (x86)\Common Files
  • [SYSTEM]
    The Windows System folder:
    C:\Windows\System32
  • [SYSTEM_DRIVE]
    Indicates the location where the Windows operating system is installed (new in 14.0):
    C:\
  • [USER_PROFILE]
    File system folders that correspond to all the users (new in 14.0):
    C:\Users\%user%
    (Windows Vista+)
  • [WINDOWS]
    The Windows folder or SYSROOT, which corresponds to the
    %windir%
    or
    %SYSTEMROOT%
    environmental variables:
    C:\Windows
Filename (include full path)
Path
  • Filename
    : The full path to a file or folder. For example: C:\temp\test.txt
    You must include the slash (\) in the path.
  • Path
    : The full path on disk. For example:
    C:\temp
    Check
    Include subfolders
    to include any folders under the specified path.
Turn on/off file exclusion from one or more technologies
You can apply the file name exclusion for the policy for multiple technologies.
  • Auto-Protect
    Excludes a file from real-time scans.
  • Scheduled and On-Demand scans
    Excludes a file from scheduled and on-demand scans.
  • Behavioral Analysis
    Excludes a file from real-time heuristic scans.
  • Tamper Protection (Filename only)
    Excludes a file from Tamper Protection. Applies to the actor and not the target.
  • Device Control
    Excludes a file from device control.