macOS scanning exclusions
You can add scanning exclusions for Macs. These can be exclusions from anti-malware scanning or from ransomware protection.
When you set up global scanning exclusions, we exclude these files and folders from scanning for all your users and their devices.
If you want to exclude files or folders only on some users or devices, you can do this using an Endpoint Threat Protection policy. See Threat Protection Policy.
Adding exclusions reduces your protection, so we recommend that you use policies to target users and devices where the exclusion is necessary, rather than using this global option.
When you add or edit an exclusion, you can type any POSIX path, whether it is a volume, folder, or file.
Example: /Volumes/excluded (Mac)
Warning
Think carefully before you add scanning exclusions because doing so may reduce your protection. See Using exclusions safely.
To specify which items are excluded, use the rules in the table below. These rules apply to exclusions from anti-malware scanning or from ransomware protection.
Exclusion rules
| Token and syntax to use | Item(s) to exclude |
|---|---|
Suffix the exclusion with a slash | A folder and sub-folders recursively. |
Suffix the exclusion with a double slash | A folder but not sub-folders. |
<filename> Do not suffix the exclusion with a slash or double slash | A file. |
Prefix the exclusion with a slash | A folder or file in a specific location. |
<folder/>
Do not prefix the exclusion with a slash | A folder or file anywhere locally or on the network. |
Substitute an asterisk for the filename stem | A file whose name has a specific filename extension. |
Examples
| Exclusion path | Item(s) that are excluded |
|---|---|
/myfolder/myapplication | The file myapplication in a specific folder |
/myfolder/ | All files in the folder myfolder in a specific location and sub-folders recursively |
/myfolder// | All files in the folder myfolder in a specific location but not sub-folders |
myfolder/myapplication | The file myapplication in any folder that is called myfolder locally or on the network |
myfolder/ | All files in any folder that is called myfolder, locally or on the network, and sub-folders recursively |
myfolder// | All files in any folder that is called myfolder, locally or on the network, but not sub-folders |
myapplication | The file myapplication anywhere locally or on the network |
*.mov | All files whose filename extension is .mov anywhere locally or on the network |
/myfolder/*.mov | All files whose filename extension is .mov in a specific location |