Antivirus exclusions allow you to prevent Check Point Harmony Endpoint from scanning or blocking specific files, folders, processes, or network resources. Properly configured exclusions help avoid false positives and performance issues while maintaining security. This guide covers how to create and manage exclusions in the Infinity Portal.
Prerequisites
Before configuring exclusions, ensure you have:
- Infinity Portal access with Policy Administrator permissions
- Harmony Endpoint EPMaaS with deployed endpoints
- Documentation of applications requiring exclusions
- Verification that items to exclude are legitimate (not malware)
Understanding Exclusion Types
Harmony Endpoint supports various exclusion types for different scenarios:
| Exclusion Type | Use Case | Capability Support |
|---|---|---|
| File Path | Exclude specific file | Anti-Malware, Behavioral Guard |
| Folder Path | Exclude directory contents | Anti-Malware, Behavioral Guard |
| File Extension | Exclude all files of type | Anti-Malware |
| Process | Exclude running application | Anti-Malware, Threat Emulation |
| MD5/SHA1 Hash | Exclude specific file version | Anti-Malware, Quarantine |
| URL/Domain | Exclude web resource | Anti-Bot, Zero-Phishing |
| IP Address | Exclude network destination | Anti-Bot, Firewall |
| Certificate | Exclude signed applications | Anti-Malware, Behavioral Guard |
Accessing the Exclusions Center
- Log in to the Infinity Portal at https://portal.checkpoint.com
- Navigate to Harmony Endpoint > Policy
- Go to Threat Prevention > Policy Capabilities
- Select the rule you want to modify
- In the Capabilities & Exclusions pane, click Exclusions Center
The Exclusions Center provides a unified interface for managing all exclusion types.
Creating Smart Exclusions (Recommended)
Smart Exclusions are the modern exclusion method that applies immediately without requiring a policy installation.
Step 1: Open Smart Exclusions
- In the Exclusions Center, click the Smart Exclusions tab
- Click Add Exclusion
Step 2: Configure the Exclusion
- Name: Enter a descriptive name (e.g., "SQL Server Data Files")
- Description: Document the business justification
- Operating System: Select target OS (Windows, macOS, Linux, or All)
- Capabilities: Choose exclusion scope:
  - All supported: Applies to all protection capabilities
  - Select specific: Choose individual capabilities
Step 3: Define Exclusion Criteria
Select the exclusion type and configure:
File or Folder Exclusion:
C:\Program Files\MyApplication\data\
C:\Users\*\AppData\Local\MyApp\cache\*
Process Exclusion:
C:\Program Files\Development\compiler.exe
*\java.exe
Wildcard Syntax:
- * matches any characters in a single path component
- ** matches across directory levels
- ? matches a single character
Step 4: Configure Advanced Options
Chained Exclusions (Child Processes):
- For process exclusions, toggle Inherit exclusion to child processes
- This excludes all processes spawned by the excluded parent
Example: Excluding Visual Studio with child processes:
- Excludes devenv.exe
- Also excludes MSBuild.exe, VBCSCompiler.exe spawned by VS
Step 5: Save the Exclusion
- Click Add to save the exclusion
- Smart Exclusions apply automatically to connected endpoints
- Verify in the exclusions list
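Before saving a wildcard exclusion, it helps to check which paths it would actually cover. The sketch below is an added example, not Check Point code: it models only the three wildcard rules from Step 3 as stated for file and folder paths, and the product's own matcher may differ in edge cases (for example, whether ** can match zero directories). The function names and the path inventory are constructed for illustration.

```python
import re

def exclusion_to_regex(pattern):
    """Translate a path exclusion into a regex using the three wildcard rules.
    Assumptions: case-insensitive matching, and ? never matches a backslash."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")         # ** crosses directory levels
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*")    # * stays inside one path component
            i += 1
        elif pattern[i] == "?":
            parts.append(r"[^\\]")     # ? is exactly one character
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)

def covered(pattern, paths):
    """Return the paths that the exclusion pattern would cover."""
    rx = exclusion_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

# Constructed inventory of paths, used to preview the scope of each pattern.
PATHS = [
    r"C:\Users\alice\AppData\Local\MyApp\cache\index.db",
    r"C:\Users\alice\AppData\Local\MyApp\cache\plugins\helper.dll",
    r"C:\Users\alice\bob\AppData\Local\MyApp\cache\index.db",
    r"C:\LogFiles\iis\2024\u_ex01.log",
    r"C:\LogFiles\iis\2024\u_ex01.log.exe",
    r"C:\DatabaseFiles\sales.mdf",
    r"C:\DatabaseFiles\archive\old.mdf",
]

if __name__ == "__main__":
    for pat in (r"C:\Users\*\AppData\Local\MyApp\cache\*",
                r"C:\LogFiles\**\*.log",
                r"C:\DatabaseFiles\*.mdf"):
        print(pat, "->", covered(pat, PATHS))
```

Under these rules a trailing * covers only files directly inside the cache folder, so anything in a subfolder is still scanned.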
Creating Capability-Specific Exclusions
For granular control, create exclusions within specific capabilities.
Anti-Malware Exclusions
- In Exclusions Center, expand Anti-Malware
- Select the exclusion type:
File/Folder Exclusions:
C:\DatabaseFiles\*.mdf
C:\DatabaseFiles\*.ldf
C:\LogFiles\**\*.log
File Extension Exclusions:
.mdf
.ldf
.bak
MD5 Hash Exclusions (Endpoint version E80.80+):
1234567890abcdef1234567890abcdef
Riskware Exclusions:
- Select riskware categories to allow (remote admin tools, etc.)
Threat Emulation Exclusions
- Expand Threat Emulation in Exclusions Center
- Add exclusions:
Folder Exclusions:
C:\TrustedDownloads\
SHA1 Hash Exclusions:
da39a3ee5e6b4b0d3255bfef95601890afd80709
Domain Exclusions:
trusted-vendor.com
updates.mycompany.com
Anti-Bot Exclusions
- Expand Anti-Bot in Exclusions Center
- Add exclusions:
URL Exclusions:
https://internal-app.mycompany.com
Domain Exclusions:
mycompany.com
trusted-partner.com
IP Address Exclusions:
192.168.100.0/24
10.0.0.50/32
Zero-Phishing Exclusions
- Expand Zero-Phishing in Exclusions Center
- Add trusted domains and URLs:
sso.mycompany.com
intranet.mycompany.com
Quarantine Exclusions
Prevent specific items from being quarantined even if detected:
- Expand Quarantine in Exclusions Center
- Add exclusions by:
  - Certificate (signer identity)
  - File path
  - Folder path
  - MD5 hash
  - SHA1 hash
  - File extension
Warning: Quarantine exclusions allow potentially malicious files to remain active. Use with extreme caution and only for thoroughly verified applications.
Server Role Exclusions
Harmony Endpoint includes built-in exclusions for common server roles based on Microsoft and Check Point recommendations.
Enable Server Optimization
- Go to Policy > Threat Prevention > Policy Capabilities
- Select the rule for server endpoints
- Click Advanced Settings
- Enable Endpoint for Server Optimization
- Select server roles:
  - SQL Server
  - Exchange Server
  - SharePoint Server
  - IIS Web Server
  - File Server
  - Domain Controller
  - Hyper-V Host
Review Applied Exclusions
- In Exclusions Center, view Server Role Exclusions
- Review the automatically applied exclusions:
  - Database files and processes
  - Mail store locations
  - Active Directory files
  - IIS application pools
- Add custom exclusions for additional server applications
Global Exclusions
Create exclusions that apply to all policy rules.
Step 1: Access Global Exclusions
- Go to Policy > Threat Prevention > Exclusions Center
- Click Global Exclusions tab
Step 2: Add Global Exclusion
- Click Add Exclusion
- Configure exclusion criteria
- Global exclusions apply to all rules and virtual groups
Best Use Cases for Global Exclusions
- Enterprise backup software
- Centralized management agents
- Company-wide development tools
- Universal security software
Common Exclusion Scenarios
Development Environment
Exclude development tools and build output:
# Visual Studio
C:\Program Files\Microsoft Visual Studio\**\*
C:\Users\*\AppData\Local\Microsoft\VisualStudio\**\*
# Build output
C:\Projects\**\bin\**\*
C:\Projects\**\obj\**\*
# Node.js
*\node.exe
C:\Users\*\AppData\Roaming\npm\**\*
Database Servers
Exclude database files for performance:
# SQL Server
C:\Program Files\Microsoft SQL Server\**\*.mdf
C:\Program Files\Microsoft SQL Server\**\*.ldf
C:\Program Files\Microsoft SQL Server\**\*.ndf
# Process exclusions
*\sqlservr.exe
*\sqlagent.exe
Backup Software
Exclude backup agents and storage:
# Veeam
C:\Program Files\Veeam\**\*
C:\VeeamBackup\**\*
# Process exclusions
*\VeeamAgent.exe
*\VeeamBackupSvc.exe
Virtualization
Exclude hypervisor components:
# Hyper-V
C:\ProgramData\Microsoft\Windows\Hyper-V\**\*
C:\ClusterStorage\**\*.vhdx
# VMware
C:\Program Files\VMware\**\*
*\vmware-vmx.exe
Exclusion Best Practices
Security Guidelines
| Do | Don't |
|---|---|
| Use specific paths | Exclude entire drives |
| Use hash exclusions when possible | Exclude based on file name only |
| Document business justification | Add exclusions without review |
| Review exclusions quarterly | Set and forget exclusions |
| Test exclusions in pilot group | Apply globally without testing |
| Use certificate exclusions for vendors | Trust unsigned executables broadly |
Exclusion Hierarchy (Most to Least Specific)
- Hash (SHA1/MD5) - Most secure, specific file version
- Certificate - All files from trusted signer
- Full file path - Specific file location
- Process with path - Specific executable
- Folder path - Directory contents
- File extension - Least specific, use sparingly
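The guidelines and hierarchy above can be turned into a pre-approval check for exclusion requests. This is an added example, not part of Harmony Endpoint: the dictionary keys (type, value, justification) are hypothetical and do not represent the portal's export schema, and the sample entries are constructed from patterns shown in this guide.

```python
import re

# Specificity rank from the hierarchy above: 1 = most specific, 6 = least.
RANK = {"hash": 1, "certificate": 2, "file": 3,
        "process": 4, "folder": 5, "extension": 6}
DRIVE_ONLY = re.compile(r"[A-Za-z]:\\?(\*\*?(\\\*)?)?")   # C:  C:\  C:\*  C:\**\*
NAME_ONLY = re.compile(r"(\*+\\)?[^\\]+")                 # java.exe  *\java.exe

def review(entry):
    """Return the findings for one exclusion request.
    The keys 'type', 'value' and 'justification' are hypothetical."""
    kind, value = entry["type"], entry["value"].strip()
    findings = []
    if kind in ("file", "process", "folder"):
        if DRIVE_ONLY.fullmatch(value):
            findings.append("excludes an entire drive")
        elif kind != "folder" and NAME_ONLY.fullmatch(value):
            findings.append("matches on file name only")
        if "**" in value:
            findings.append("recursive wildcard")
    elif kind == "extension":
        findings.append("least specific type")
    elif kind == "hash" and not re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}", value):
        findings.append("not an MD5 or SHA1 digest")
    if not entry.get("justification", "").strip():
        findings.append("no business justification")
    return findings

def review_queue(entries):
    """Entries that have findings, least specific exclusion type first."""
    flagged = [(RANK[e["type"]], e["value"], review(e)) for e in entries]
    return sorted((f for f in flagged if f[2]), key=lambda f: -f[0])

# Constructed sample requests; values reuse patterns shown in this guide.
SAMPLE = [
    {"type": "hash", "value": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "justification": "vendor tool"},
    {"type": "process", "value": r"*\java.exe", "justification": "build agents"},
    {"type": "process", "value": r"C:\Program Files\Development\compiler.exe", "justification": "compiler"},
    {"type": "folder", "value": r"C:\Projects\**\bin\**\*", "justification": ""},
    {"type": "extension", "value": ".bak", "justification": "backup files"},
    {"type": "folder", "value": r"D:\*", "justification": "temp"},
]

if __name__ == "__main__":
    for rank, value, findings in review_queue(SAMPLE):
        print(rank, value, "; ".join(findings))
```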
Performance Considerations
- Excessive exclusions can slow down policy evaluation
- Wildcard exclusions (**) are more resource-intensive
- Consider using hash exclusions for static files
- Review and consolidate exclusions periodically
Auditing and Managing Exclusions
Export Exclusions
- In Exclusions Center, click Export
- Select export format (CSV or JSON)
- Save for documentation or backup
Review Exclusion Usage
- Go to Logs & Events
- Filter by exclusion-related events
- Identify unused exclusions for cleanup
Bulk Operations
For large-scale exclusion management:
- Export current exclusions
- Modify in spreadsheet application
- Import updated exclusions
- Verify changes applied correctly
Troubleshooting Exclusion Issues
Exclusion Not Working
Symptoms: Files still being scanned or blocked despite exclusion.
Solutions:
- Verify exclusion syntax (check wildcards)
- Confirm exclusion applies to correct capability
- Check exclusion scope (correct virtual groups)
- For Smart Exclusions, verify client version supports feature
- Force policy download on endpoint
- Check if file matches multiple rules (more specific may override)
False Positives Persist
Symptoms: Application still flagged after exclusion.
Solutions:
- Use more specific exclusion (hash vs. path)
- Add exclusion to multiple capabilities if needed
- Check if child processes need exclusion
- Review exact file path being flagged in logs
- Contact Check Point support with detection details
Performance Issues After Exclusions
Symptoms: Scans taking longer with many exclusions.
Solutions:
- Consolidate overlapping exclusions
- Use folder exclusions instead of individual files
- Review exclusions for necessity
- Consider hash exclusions for static files
- Remove deprecated or test exclusions
Next Steps
After configuring exclusions:
- Document all exclusions in your security policy documentation
- Monitor for new false positives as applications update
- Review quarterly to remove unnecessary exclusions
- Train IT staff on exclusion request procedures
- Implement approval workflow for new exclusion requests
Additional Resources
- Check Point Exclusions Documentation
- Legacy Exclusions Guide
- sk162553 - Understanding Anti-Malware Exclusions
- Check Point CheckMates Community