Configure trusted and ignored applications for File Encryption

You can define applications as trusted to grant them access to encrypted files. This is for example necessary to enable antivirus software to scan encrypted files.

You can also define applications as ignored to exempt them from transparent file encryption/decryption. For example, if you define a backup program as an ignored application, encrypted data backed up by the program remains encrypted.
Note: Child processes will not be trusted/ignored.
  1. In the Policies navigation area, create a new policy of the type General Settings or select an existing one.
  2. Under File Encryption, click the drop-down button of the Trusted Applications or Ignored Applications field.
  3. In the editor list box, enter the applications to be defined as trusted/ignored.
    • You can define multiple trusted/ignored applications in one policy. Each line in the editor list box defines one application.
    • Application names must end with .exe.
    • Application names must be specified as fully qualified paths including drive/directory information, for example "c:\dir\example.exe". Entering the file name only (for example "example.exe") is not sufficient. For better usability the single line view of the application list only shows the file names separated by semicolons.
    • Application names can contain the same placeholder names for Windows shell folders and environment variables as encryption rules in File Encryption policies. For a description of all available placeholders, see Placeholders for paths in location-based File Encryption rules.
  4. Save your changes.
Note: The Trusted Applications and Ignored Applications policy settings are machine settings. The policy must therefore be assigned to machines, not to users. Otherwise the settings do not become active.