By excluding specific programs, web addresses, or file locations, you can improve Malwarebytes performance in your environment. For example, multiple security programs can interfere with each other and cause systems to slow down. You may also require exclusions if a trusted application or data file is flagged. Excluded items are not scanned or checked by real-time protection. This article provides an overview of how exclusions work in Nebula.
On the left navigation menu, go to Configure > Exclusions to access exclusions.
The Exclusions screen contains a list of all exclusions across your endpoints and policies.
There is an additional toggle in the upper right of the screen that allows you to Exclude GPO PUMs. For more information on GPO PUMs, see Group Policy registry keys detected as PUMs in Endpoint Protection.
Additionally, exclusions can be created from items that are already detected or quarantined from the Detections and Quarantine pages. For more information, see the following links:
Policy Level Exclusions
You may choose to create exclusions globally or at a policy level. Policy level exclusions apply only to the policies chosen in the exclusion. When creating or editing an exclusion, simply select the policies you want the exclusion to apply to.
Use the drop-down menus at the top of the Exclusions screen to limit the number of exclusions displayed. You may filter exclusions by the following:
- Display: Limits the number of on-screen results
- Exclusion Type: Limits types of exclusions to a single type
- Policies Included: Select which policies are affected by the exclusions you are searching for.
In the Policy Included column, hover your cursor over the list icon to quickly show the policies affected by that exclusion. Click any of the displayed policies to jump to the Settings for that policy.
Exclusion Types
You can add several types of exclusions to meet your needs. Some exclusions support wildcards, as listed here:
- Asterisk (*) - Matches any number of any characters.
- Double Asterix (**) - Matches multiple sub-folders.
- Question mark (?) - Matches any single character.
TIP - Add each exclusion as a separate entry.
When you add an exclusion, it is applied to appropriate protection layers based on the Exclusion Type. Not all exclusion types can be applied to all layers.
See the tables below for examples and the supported protection layers of each exclusion type.
Windows
Exclusion Type | Supported Protection Layers | Example(s) |
Command Line | Suspicious Activity |
|
File by Path |
Malware Protection Ransomware Protection Suspicious Activity |
|
Folder by Path |
Malware Protection Ransomware Protection Suspicious Activity |
When using wildcards with folder names, a single asterisk (*) denotes any single folder, while a double asterisk (**) denotes any number of folders.
|
File Extension | Malware Protection |
|
MD5 Hash |
Exploit Protection Suspicious Activity |
|
Registry Key |
Malware Protection Suspicious Activity |
Notes:
|
Web Monitoring | Website Protection |
|
Website |
Website Protection Suspicious Activity |
|
IP Address |
Website Protection Suspicious Activity Brute Force Protection |
|
Mac
Exclusion Type | Supported Protection Layers | Example(s) |
File by Path |
Malware Protection Suspicious Activity |
|
Folder by Path |
Malware Protection Suspicious Activity |
Using a tilde (~) indicates a path relative to the user's home directory.
|
MD5 Hash | Suspicious Activity |
|
Linux
Exclusion Type | Supported Protection Layers | Example(s) |
File by Path |
Malware Protection Suspicious Activity |
|
Folder by Path |
Malware Protection Suspicious Activity |
|
MD5 Hash | Suspicious Activity |
|