Web Domain Exception

You can exclude a web domain from Download Insight detections and behavioral analysis. When you exclude a web domain, files that users download from any location in that web domain are always allowed. Any allowed files, however, are scanned by Auto-Protect and any administrator- or user-defined scans.
Trusted web domain exceptions require that Download Insight is enabled. In the Antimalware policy, make sure that
Advanced Intensity Settings
Automatically trust any files downloaded from a trusted internet or intranet site
is turned on.
By default, Download Insight does not examine any files that users download from a trusted Internet or intranet site. You configure trusted sites and trusted local intranet sites on the
Windows Control Panel > Internet Options > Security
tab. You can disable the Download Insight setting for intranet sites in the Antimalware policy.
When you specify a web domain exception, you must specify one domain or IP address at a time. Port numbers are not supported.
You can specify a URL, but the exception uses only the domain name portion of a URL. If you specify a URL, you can pre-pend the URL with either HTTP or HTTPS (case-insensitive), but the exception applies to both.
For example, any one of the following entries produces the same exception:
  • test.domain.com
  • test.domain.com/mydocs
  • HTTP://test.domain.com/mydocs
  • https://test.domain.com
Regardless of whether a user navigates to
through HTTP or HTTPS, Download Insight and behavioral analysis exclude the domain. If the user navigates to any location within the domain (such as
), the user can download files from that location.
When you specify an IP address, the exception applies to both the specified IP address and its corresponding host name.
For FTP locations, you must specify an IP address. If a user navigates to the FTP location through its URL,
Endpoint Security
resolves the host name to the IP address and applies the exception.