Linux scanning exclusions
You can add scanning exclusions for Linux servers.
When you set up global scanning exclusions, we exclude these files and folders from scanning for all your users and their devices.
If you want to exclude files or folders only on some servers, you can do this using a Server Threat Protection policy. See Server Threat Protection Policy.
Adding exclusions reduces your protection, so we recommend that you use policies to target users and devices where the exclusion is necessary, rather than using this global option.
Using scanning exclusions safely
Warning
Think carefully before you add scanning exclusions because doing so may reduce your protection.
Be careful when you set up scanning exclusions as you can increase the risk to your systems and reduce your protection.
Make your scanning exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and directories than you need to.
You can exclude a specific directory or file by its full path. To exclude a directory and all the directories and files below it, add a trailing slash. For example:
/mnt/hgfs/excluded
excludes the file namedexcluded
.-
/mnt/hgfs/excluded/
excludes the directory namedexcluded
and all directories and files below it in the filesystem.We recommend that you use this exclusion type as specifically as possible.
You can exclude a directory or file in any location. For example:
*/excluded
excludes the file namedexcluded
in any location.-
*/excluded/*
excludes the directory namedexcluded
in any location and all directories and files below it in the filesystem.We recommend that you use this exclusion type as specifically as possible.
Server Protection for Linux
Warning
Server Protection for Linux can misinterpret some exclusions if you don't include any necessary wildcards at the start or end of the excluded path. This can lead you to excluding more or less than you intended.
You must specify exclusions carefully and be as specific as possible.
We've given specific examples for Server Protection for Linux (SPL), where appropriate. Follow these examples to define your exclusions so that SPL interprets them correctly.
Scanning exclusions
You can use the exclusions in this table for scanning exclusions and allowed applications.
If you want to use wildcards in your path, see the path and directory examples in this table.
Type | Exclusion |
---|---|
Absolute path to file |
Excludes the named file. Example: |
Absolute path to directory |
Excludes everything in the named directory and below. Be careful using this exclusion type, as it reduces your protection. We recommend that you use this exclusion type as specifically as possible. Don't use it to exclude high-level directories. |
File name |
Excludes files with this name in any directory. This matches anywhere on the filesystem and isn't specific to a location. Example: Excludes |
Relative path to a file |
SPL: Excludes any path ending with the named directory and file. This matches anywhere on the filesystem and isn't specific to a location. Example: Excludes |
Directory name |
SPL: Excludes everything below any directory with this name. This matches anywhere on the filesystem and isn't specific to a location. Excludes Be careful using this exclusion type, as it reduces your protection. We recommend that you use this exclusion type as specifically as possible. Don't use it to exclude high-level directories. |
Relative path to a directory |
SPL: Excludes any path containing the named directory. This matches anywhere on the filesystem and isn't specific to a location. Excludes Be careful using this exclusion type, as it reduces your protection. We recommend that you use this exclusion type as specifically as possible. Don't use it to exclude high-level directories. |
File extension |
Excludes any file with this extension, in any directory. Example: Excludes Be careful using this exclusion type, as it reduces your protection. We recommend that you use this exclusion type as specifically as possible. |
file name prefix |
Example: Excludes any file with this file name prefix, in any directory. Excludes |
Absolute path with file name extension |
Excludes any file with the named extension under the named directory. Example: Excludes |
Absolute path with file name prefix |
Excludes any file with the named prefix under the named directory. Example: Excludes |
Absolute path with directory name suffix |
SPL: Excludes any directory with the named suffix under the named path. Example: SPL example: Excludes |
Absolute path with directory name prefix |
SPL: Excludes any directory with the named prefix under the named path. Example: SPL example: Excludes |
Absolute path with character suffix |
Excludes any file with the named file name and the named character suffix under the named directory. Example: Excludes |
Wildcard path |
Excludes any file with the named file name that matches the named directory and wildcard pattern. Example: |
Examples
Here are some examples of exclusion expressions.
Expression | Items that are excluded |
---|---|
*/data/report | A file named report in a directory named data in any location |
*.txt | Any file whose name ends in .txt in any location |
/mnt/hgfs/data/*.txt | Any file whose name ends in .txt in the directory named /mnt/hgfs/data/ |
*/report??2020 | Any file whose name begins with report followed by two characters and ends with 2020 in any location |
*/report20??/* | Any directory in any location whose name begins with report20 and ends with two characters, and all directories and files below it in the filesystem |
Command line exclusions
You can use the exclusions shown in this table on the command line.
These exclusions are all relative to the current working directory.
Type | Exclusion |
---|---|
File in current directory.
| Excludes the named file in the current directory.
For example this maps to |
Sub-directory of the current working directory
| Excludes the named sub-directory.
|
Path to file from the current working directory
| Excludes the named file on the named path only.
|
Relative path from current working directory | Excludes the named directory
For example this maps to |
More resources