About the trusted zone

17 May 2024

ID 134578

The trusted zone contains files, folders, and objects that you consider safe. Kaspersky Endpoint Security Cloud does not scan or monitor items from this zone. In other words, the trusted zone is a set of scan exclusions.

Scan exclusions make it possible to safely use legitimate applications that intruders can use to compromise your users' devices or personal data, although such applications do not have any malicious functions. You may also need to add an item to the trusted zone if Kaspersky Endpoint Security Cloud blocks access to an application even though you are absolutely sure that this application is harmless.

When an application is added to the trusted zone, its file activity and network activity is not monitored, even if such activity can raise concern. However, Kaspersky Endpoint Security Cloud still scans the executable file and the process of the trusted application.

You can add items to the trusted zone by using the following methods:

  • Specify the path to a file or folder (for example, C:\Program Files\Radmin Viewer 3\RAdmin.exe).

    When using this method, you can use environment variables (for example, %ProgramFiles%). You can also use masks:

    • The * (asterisk) character takes the place of any set of characters, except for the \ and / characters (delimiters of the names of files and folders in paths to files and folders).

      For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in first-level folders on drive C:, but not in subfolders.

    • Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders).

      For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in the folder named Folder and all its subfolders. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.

    • The ? (question mark) character takes the place of any single character, except for the \ and / characters (delimiters of the names of files and folders in paths to files and folders).

      For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.

  • Enter the name of an object according to the classification of the Kaspersky IT Encyclopedia (for example, Email-Worm, Rootkit, or RemoteAdmin).

    When using this method, you can use masks:

    • The * (asterisk) character takes the place of any set of characters.

      For example, the mask *RemoteAdmin.* will include all kinds of software for remote administration.

    • The ? (question mark) character takes the place of any single character.

You can use any or both of these methods in each exclusion. The following rules apply:

  • If you specify only a file or folder in an exclusion, Kaspersky Endpoint Security Cloud does not scan this file or folder.
  • If you specify only an object in an exclusion, Kaspersky Endpoint Security Cloud does not detect this object when scanning any files in any folders.
  • If you specify a file or folder, and an object simultaneously in an exclusion, Kaspersky Endpoint Security Cloud does not detect this object but still detects any other object when scanning this file or folder.

See also:

Configuring the trusted zone on Windows devices

Configuring the trusted zone on Mac devices

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.