Global exclusions

You can exclude files, websites and applications from scanning for threats, as described below.

We'll still check the excluded items for exploits.

Note These exclusions will apply to all your users (and their devices) and servers. If you want them to apply only to certain users or servers, use the exclusions in the Sophos Central Admin policies instead.

Customers won't be able to add to the Global exclusions list from Global Settings. They can add global exclusions from the events list. These are not added to the global exclusions list you can view and edit in Sophos Central Admin.

Global exclusions pushed from Sophos Central Partner are merged with the Sophos Central Admin list.

  1. In Global Settings, click Global exclusions.
  2. Click Add Exclusion (on the right of the page).
    The Add Exclusion dialog is displayed.
  3. In the Exclusion Type drop-down list, select a type of item to exclude (file or folder, website or potentially unwanted application).
  4. Specify the item or items you want to exclude. The following rules apply:
    • File or folder (Mac/Linux). You can exclude a folder or file. You can use the wildcards ? and *. Examples: /Volumes/excluded (Mac)/mnt/hgfs/excluded (Linux)
    • File or folder (Sophos Security VM). On Windows guest VMs protected by a Sophos security VM, you can exclude a drive, folder or file by full path. You can use the wildcards * and ? but only for file names.
    • Process (Windows). You can exclude any process running from an application. This also excludes files that the process uses (but only when they are accessed by that process). If possible, enter the full path from the application, not just the process name shown in Task Manager. Example: %PROGRAMFILES%\Microsoft Office\Office 14\Outlook.exe. You can use wildcards and variables.
      Note To see all processes or other items that you need to exclude for an application, see the application vendor's documentation.
    • Website. Websites can be specified as IP address, IP address range (in CIDR notation), or domain. Examples:
      • IP address:
      • IP address range:
      • The appendix /24 symbolizes the number of bits in the prefix common to all IP addresses of this range. Thus /24 equals the netmask 11111111.11111111.11111111.00000000. In our example, the range includes all IP addresses starting with 192.168.0.
      • Domain:
    • Potentially Unwanted Application. Here, you can exclude applications that are normally detected as spyware. Specify the exclusion using the same name under which it was detected by the system.
  5. For File or folder exclusions, in the Active for drop-down list, specify if the exclusion should be valid for real-time scanning, for scheduled scanning, or for both.
  6. Click Add or Add Another. The exclusion is added to the exclusions list.