Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=exploit-exclusions

Exploit mitigation exclusions

Some features might not be available for all customers yet.

You can exclude applications from protection against security exploits. For example, you might want to exclude an application that is incorrectly detected as a threat until the problem has been resolved.

Using exploit mitigation exclusions safely

Warning

Think carefully before you add exclusions because it reduces your protection.

When you set up global exploit mitigation exclusions, we exclude these applications from exploit protection for all your users and their devices. You can use wildcards and variables see Exploit mitigation or ransomware wildcards and variables.

Be careful if you use wildcards or variables to set up exclusions as they decrease your protection. Make your exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.

If you want to exclude applications from exploit protection for some users or devices, you can do this using an Endpoint Threat Protection policy. See Threat Protection Policy.

If you want to exclude applications from exploit protection for some servers, you can do this using a Server Threat Protection policy. See Server Threat Protection Policy.

As adding exclusions reduces your protection, we recommend that you use policies to target users and devices where the exclusion is necessary rather than using this global option.

For help on using exclusions see Using exclusions safely.

Exclude an application

To exclude an application, do as follows:

  1. Go to My Products > General Settings > Global Exclusions.
  2. Click Add Exclusion.
  3. In Exclusion Type, select Exploit Mitigation and Activity Monitoring (Windows).

  4. In Exclude Application by Path, enter an application's file path to exclude it.

    You can use wildcards and variables when you specify the file path. See Exploit mitigation or ransomware wildcards and variables.

  5. Under Mitigations, take one of the following actions:

    • Turn off Protect Application. The application won't be checked for any exploits.
    • Keep Protect Application turned on and select the exploit types that you want to check for.

  6. Click Add or Add Another.

To edit an exclusion later, click its name in the exclusions list, enter new settings, and click Update.

Note

You can't edit your existing category-based exclusions, but you can edit and turn off individual mitigations for path-based exclusions.