Creating a global antivirus and antimalware exclusions plan

The global antivirus and antimalware exclusions (global exclusions) plan enables you to create a list of trusted items at partner level. Partner administrators can add files, folders, processes, or hashes to a single plan, and apply it to all customer workloads. The global exclusions plan efficiently manages the lists of trusted items for customer tenants by eliminating the need for manual editing of each individual protection plan.

To create a global antivirus and antimalware exclusions plan

In Management Portal, go to Monitoring > Usage.
Under Cyber Protect, select Protection, and then click Manage service.
In the Cyber Protect console, go to Management > Protection plans.
Click Create plan.

The template for a protection plan opens.
Expand the Global Antivirus & Antimalware protection exclusions module.
Select the Exclusions option.
The Global Antivirus & Antimalware exclusions window opens.
In the Trusted items section, click Add to select from the available options:
- To trust files, folders, or processes, select the File/folder/process option. The Add file/folder/process window opens.
  - In the File/process/folder field, enter the path for each process, folder, or file on a new line.
  - Select the Add as file/folder checkbox to trust the file/folder.
    Examples of folder description: D:\folder\, /home/Folder/folder2, F:\
  - Select the Add as process checkbox to trust a process. The selected processes will be excluded from monitoring.
    You can specify the full path to a process or use wild card. For example, to exclude all processes in the Temp folder, you can enter C:\Windows\Temp\*.exe.
    Local network paths are also supported. For example, \\localhost\folderpath\file.exe
- To add MD5 hashes to the list of trusted items, select the Hash option. The Add hash window opens.
  - Here, you can insert MD5 hashes on separate lines to be included as trusted in the Protection exclusions list. Based on these hashes, Cyber Protection will exclude the processes described by the MD5 hashes from being monitored.
In the Description field, enter a short description, so that you can recognize your change in the list of trusted items. For example, reasons and purposes for the exclusion, time stamps, and so on.

If there are multiple items added in a single entry, there can only be one comment captured for the multiple items.
Click Add, and then click Done.

You can create as many global exclusions plans as you need and apply them to workloads of your direct customers.
Active plans are cumulatively applied.
If the same item appears in more than one plan, it will not be duplicated.
An item will always be trusted if it exists in the list of trusted items under a global exclusions plan and in the list of blocked items under the protection exclusions module.

Using wildcards to define exclusions

To define exclusions, you can use the wildcard characters * and ?. The asterisk (*) substitutes for zero or more characters. The question mark (?) substitutes for zero or exactly one character. Environment variables, such as %AppData%, cannot be used.

You can use a wildcard (*) to add items to the exclusion lists.

Wildcards can be used in the middle or the end of a description.

Examples of accepted wildcards in descriptions:

C:\*.pdf

D:\folders\file.*

C:\Users\*\AppData\Roaming

Wildcards cannot be used at the beginning of a description.

Examples of unacceptable wildcards in descriptions:

*.docx

*:\folder\

Using variables to define exclusions

You can also use variables to add items to the global exclusions list, with the following limitations:

For Windows, only SYSTEM variables are supported. User specific variables, for example, %USERNAME%, %APPDATA% are not supported. Variables with {username} are not supported. For more information, see https://ss64.com/nt/syntax-variables.html.
For macOS, environment variables are not supported.
For Linux, environment variables are not supported.

Examples of supported formats:

%WINDIR%\Media
%public%
%CommonProgramFiles%\Acronis\