How do I exclude specific folders from being analyzed by CylancePROTECT?

Important: Because each user environment is unique, only add the exclusions that apply to your environment.

Users are able to exclude specific folders by specifying the folder's location.

Go to the Cylance Console and click on Settings, Device Policy, Create a New Policy, or select one from the list. In the Device Policy, go to the Protection Settings tab, check the box for Exclude Specific Folders and add in the desired exclusion(s). This excludes the folder from Background Threat Detection and Watch for New Files.

Users can also enable Allow Execution if they'd prefer to exclude the folder from Execution Control. This allows the executable(s) to run from the specified directories. For more information on this, refer to What is Allow Execution for?


Note: Allow Execution is an important functionality that users should be familiar with. Files that are executed from any folder, including an excluded folder, will be analyzed by Execution Control / Auto-Quarantine. To prevent this from occurring, users can enable Allow Execution. Allow Execution applies to all of the folders listed under Protection Settings > Exclude Specific Folders, not just the first or last item entered.
 

Either Background Threat Detection or Watch for New Files must be selected before the Exclude Specific Folders option becomes available.

  • Windows¬†requires an absolute path (requires a drive letter).
  • macOS¬†and Linux¬†requires an absolute path from the drive root (macOS and Linux don't use a drive letter). Remember to escape any spaces in the path.
    • Exclusion without spaces:¬†/Applications/SampleApplication.app/
    • Exclusion with spaces:¬†/Applications/Sample\ Application.app/

Note: An error message displays when trying to save a policy that contains an invalid path.

Note: Disabling Background Threat Detection and Watch for New Files will also delete Exclude Specific Folders settings.

 

Further Details

Protection Settings Exclusions Are Not Retroactive

Protection Settings exclusions are not applied retroactively. Any files that were previously detected or convicted will remain in this state until locally waived or added to the Global Safe list. Adding an exclusion after the initial detection or conviction will not retroactively exclude the already detected or convicted files.

Example:

Watch for New Files convicts a file named C:\Windows\ccmcache\test.exe and an exclusion is added to the Protection Settings tab for C:\Windows\ccmcache\. The convicted file will still remain convicted despite the new folder exclusion until the file is locally waived or added to the Global Safe List.

This does not apply to devices with fresh installations of CylancePROTECT. If the device receives a policy with relevant Protection Settings exclusions after initial installation, all files in the exclusion locations will be ignored by Background Threat Detection and Watch for New Files.

 

Known Issues:

  • Folder Exclusions do not support Network Paths or¬†Wildcards.

If you'd like to add Exclusions for Memory Protection instead, please refer to How to Add Exclusions for Memory Protection