Creating a local trusted zone

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

Trusted zone

Creating a local trusted zone

25 April 2024

ID 128356

The user now can create their own local trusted zone for a specific computer. This way, the user can create their own local lists of scan exclusions and trusted applications in addition to the general trusted zone in a policy. An administrator can allow or block the use of local exclusions or local trusted applications in policy settings. To do so, use the Allow use of local exclusions and Allow use of local trusted applications check boxes in the Exclusions section of the policy.

If creating a local trusted zone is allowed by an administrator, the user can add their own scan exclusions and trusted applications in the user interface of the application. At the same time, the user does not have permissions to modify or delete objects from the trusted zone configured in the policy. The administrator can also view, add, modify, or delete list items in the Kaspersky Security Center console if exclusions need to be added for an individual computer.

How to add an object to the local trusted zone in the Administration Console (MMC)

How to add an object to the local trusted zone in Web Console and Cloud Console

How to create a local scan exclusion in the application interface

In the main application window, click the button.
In the application settings window, select General settings → Exclusions and types of detected objects.
In the Exclusions block, click the Manage exclusions link.

Settings of exclusions
Click Add.
If you want to exclude a file or folder from scans, select the file or folder by clicking the Browse button.
You can also enter the path manually. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask:
- The * (asterisk) character, which takes the place of any set of characters, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\*\*.txt will include all paths to files with the TXT extension located in folders on the C: drive, but not in subfolders.
- Two consecutive * characters take the place of any set of characters (including an empty set) in the file or folder name, including the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\**\*.txt will include all paths to files with the TXT extension located in folders nested within the Folder, except the Folder itself. The mask must include at least one nesting level. The mask C:\**\*.txt is not a valid mask.
- The ? (question mark) character, which takes the place of any single character, except the \ and / characters (delimiters of the names of files and folders in paths to files and folders). For example, the mask C:\Folder\???.txt will include paths to all files residing in the folder named Folder that have the TXT extension and a name consisting of three characters.
  You can use masks at the beginning, in the middle or at the end of the file path. For example, if you want to add a folder for all users to exclusions, enter the C:\Users\*\Folder\ mask.
If you want to exclude a specific type of object from scans, in the Object field enter the name of the object type according to the classification of the Kaspersky Encyclopedia (for example, Email-Worm, Rootkit or RemoteAdmin).
You can use masks with the ? character (replaces any single character) and the * character (replaces any number of characters). For example, if the Client* mask is specified, Kaspersky Endpoint Security excludes Client-IRC, Client-P2P and Client-SMTP objects from scans.
If you want to exclude an individual file from scans, enter the file hash in the File hash field.
If the file is modified, the file hash will also be modified. If this happens, the modified file will not be added to exclusions.
In the Protection components block, select the components that you want the scan exclusion to apply to.
If necessary, in the Comment field, enter a brief comment on the scan exclusion that you are creating.
Select the Active status for the exclusion.
You can stop the exclusion at any time using the toggle.
Save your changes.

List of exclusions

How to add an application to the list of local trusted applications in the application interface

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.