Adding a scan exclusion rule

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing the list of scan exclusions

Adding a scan exclusion rule

8 November 2023

ID 247767

To add to scan exclusions:

In the main window of the application web interface, select the Settings section, Exclusions subsection.
Go to the Scan exclusions tab.
In the upper-right corner of the application web interface window, click Add.
This opens the New rule window.
In the Criteria drop-down list, select one of the following criteria for adding a rule to the list of scan exclusions:
- MD5
- Format
- URL mask
- Email recipient
- Email sender
- Source IP or subnet
- Destination IP or subnet
- User Agent
If you selected Format, select the file format that you want to add from the Value drop-down list.
For example, you can select the MSOfficeDoc format.

If you selected MD5, URL mask, Email recipient, Email sender, Source IP or subnet, Destination IP or subnet, or User Agent, in the Value field, enter the value of the relevant criterion that you want to add to the list of scan exclusions:

If you selected MD5, enter the MD5 hash of the file in the Value field.

If you selected URL mask, enter the URL mask in the Value field.

You can use the following special characters in the mask:

* – any sequence of characters.

Example:

If you enter *abc* as the mask, the application considers as safe any URL that contains the sequence abc. For example, www.example.com/download_virusabc

? – any single character.

Example:

If you enter example_123?.com as the mask, the application considers as safe any URL that contains the given character sequence and any character following 3. For example, example_1234.com

If the * or ? characters are part of the full URL that you want to add to the list of scan exclusions, use the \ character when entering the URL to escape a single *, ?, or \ character that follows it.

Example:

You need to add the following URL as a trusted address: www.example.com/download_virus/virus.dll?virus_name=

You do not want the application to treat ? as a special mask character so you put a \ character before the ? character.

The URL added to the list of scan exclusions looks as follows: www.example.com/download_virus/virus.dll\?virus_name=

If you selected Email recipient or Email sender, enter the email address in the Value field.
If you selected User Agent, enter the User agent header of HTTP requests containing browser information in the Value field.
If you selected Source IP or subnet or Destination IP or subnet, enter the address or subnet (for example, 255.255.255.0) in the Value field.

In the URL mask, Email recipient, and Email sender field, you can enter domain names containing Cyrillic characters. In this case, the address is converted to Punycode and processed in accordance with application settings.

Click Add.

The rule is added to the scan exclusion list.

Users with the Security auditor and Security officer roles cannot add a scan exclusion rule.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.