Skip to content

Ransomware Protection exclusions

You can exclude applications or folders from protection against ransomware.

You might want to exclude an application that we've incorrectly detected as a threat or an application that is incompatible with ransomware protection. For example, if you have an application that encrypts data, you might want to exclude it. This stops us from detecting the application as ransomware.

Or you might want to exclude folders used by specific applications that show performance issues when being monitored by ransomware protection. For example, you might want to exclude folders used by backup applications.

Using ransomware protection exclusions safely


Think carefully before you add exclusions because it reduces your protection.

When you set up global ransomware protection exclusions, we exclude these applications and folders from ransomware protection for all your users and their devices. You can use wildcards and variables. See Exploit mitigation or ransomware wildcards and variables.

Be careful if you use wildcards or variables to set up exclusions as they decrease your protection. Make your exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.

If you want to exclude applications or folders from ransomware protection for some users or devices, you can do this using an Endpoint Threat Protection policy. See Threat Protection Policy.

If you want to exclude applications or folders from ransomware protection for some servers, you can do this using a Server Threat Protection policy. See Server Threat Protection Policy.

As adding exclusions reduces your protection, we recommend that you use policies to target users and devices where the exclusion is necessary rather than using this global option.

For help on using exclusions see Using exclusions safely.

Exclude an application or folder

To exclude an application or folder, do as follows:

  1. Go to My Products > General Settings > Global Exclusions.
  2. Click Add Exclusion (upper right of the exclusions list).
  3. In Exclusion Type, select Ransomware Protection (Windows) or Ransomware Protection (Mac).

    Ransomware Protection Exclusion.

  4. Choose whether you want to exclude a process or a folder.

    Choose Process to exclude an application.

  5. In VALUE, enter the path for the process or folder you want to exclude.

    You can exclude a folder by its local path or its remote path in UNC format, for example \\servername\shared-folder.

    You can use variables when you exclude processes or folders.

  6. Click Add or Add Another. We add the exclusions to the list on the Global Exclusions page.

To edit an exclusion later, click its name in the exclusions list, enter new settings, and click Update.