Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=exploit-exclusions

Exploit mitigation exclusions

You can exclude applications from protection against security exploits. For example, you might want to exclude an application that is incorrectly detected as a threat until the problem has been resolved.

This video takes you through setting up exclusions. The "Intercept X Exclusions" section tells you how to set up exploit mitigation exclusions.

Using exploit mitigation exclusions safely

Warning

Think carefully before you add exclusions because it reduces your protection.

When you set up global exploit mitigation exclusions, we exclude these applications from exploit protection for all your users and their devices. You can use wildcards and variables see Exploit mitigation or ransomware wildcards and variables.

Be careful if you use wildcards or variables to set up exclusions as they decrease your protection. Make your exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.

If you want to exclude applications from exploit protection for some users or devices, you can do this using an Endpoint Threat Protection policy. See Threat Protection Policy.

If you want to exclude applications from exploit protection for some servers, you can do this using a Server Threat Protection policy. See Server Threat Protection Policy.

As adding exclusions reduces your protection, we recommend that you use policies to target users and devices where the exclusion is necessary rather than using this global option.

For help on using exclusions see Using exclusions safely.

Exclude an application

To exclude an application, do as follows:

  1. Go to My Products > General Settings > Global Exclusions.
  2. Click Add Exclusion (upper right of the exclusions list).

  3. In Exclusion Type, select Exploit Mitigation (Windows).

    You see a list of Protected Applications found on your network.

  4. Select an application you want to exclude.

    If you don’t see the application you want, click Application not listed?.

    You can then exclude an application by its file path. Optionally, use any of the variables. See Exploit mitigation or ransomware wildcards and variables.

  5. Under Mitigations, you can:

    • Turn off Protect Application. The application won’t be checked for any exploits.
    • Keep Protect Application turned on and select the exploit types that you do or don’t want to check for.

  6. Click Add or Add Another. The exclusion is added to the list on the Global Exclusions page.

To edit an exclusion later, click its name in the exclusions list, enter new settings, and click Update.