Scan Exclusion Settings for Mac
Configure scan exclusions to increase the scanning performance and skip the scanning of files that are known to be harmless. When a particular scan type runs, Core Protection Module for Mac checks the scan exclusion list to determine which files to exclude from scanning.
Scan Exclusion List
- Files: Core Protection Module for Mac does not scan a file if:
- The file's directory path is the same as the path specified in the scan exclusion list.
- The file matches the full file path (directory path and file name) specified in the scan exclusion list.
- File Extensions: Core Protection Module for Mac does not scan a file if the file extension matches any of the extensions included in the exclusion list.
Scan Exclusion Lists (Files)
Administrators must follow specific criteria when configuring the file exclusion list.
- Core Protection Module for Mac supports a maximum of 64 file exclusions.
- Administrators cannot only type a file name. Core Protection Module for Mac requires a full file path.
- Administrators must type properly formatted paths.
Examples:
- Full file path: excludes a specific file.
- Example 1:
/file.log
- Example 2:
/System/file.log
- Example 1:
- Directory path: excludes all files located on a specific folder and all subfolders.
- Example 1:
/System/
- Examples of files excluded from scans:
/System/file.log
/System/Library/file.log
- Examples of files excluded from scans:
- Example 2:
/System/Library
- Examples of files excluded from scans:
/System/Library/file.log
/System/Library/Filters/file.log
- Examples of files excluded from scans:
- Examples of files that Core Protection Module for Mac scans:
/System/file.log
- Example 1:
Use the asterisk wildcard (*) in place of folder names. See the examples below.
- Full file path:
/Users/Mac/*/file.log
- Examples of files excluded from scans:
/Users/Mac/Desktop/file.log
/Users/Mac/Movies/file.log
- Examples of files that Core Protection Module for Mac scans:
/Users/file.log
/Users/Mac/file.log
- Examples of files excluded from scans:
- Directory path:
- Example 1:
/Users/Mac/*
- Examples of files excluded from scans:
/Users/Mac/doc.html
/Users/Mac/Documents/doc.html
/Users/Mac/Documents/Pics/pic.jpg
- Examples of files that Core Protection Module for Mac scans:
/Users/doc.html
- Examples of files excluded from scans:
- Example 2:
/*/Components
- Examples of files excluded from scans:
/Users/Components/file.log
/System/Components/file.log
- Examples of files that Core Protection Module for Mac scans:
/file.log
/Users/file.log
/System/Files/file.log
- Examples of files excluded from scans:
- Example 1:
Note: Core Protection Module for Mac does not support partial matching of folder names.
For example, administrators cannot type
/Users/*user/temp
to
exclude files on folder names ending in user
, such as
end_user
or new_user
.Configure Scan Exclusion Lists
- From the IBM BigFix Console, click Endpoint Protection on the lower-left pane.
- From the upper-left navigation pane, go to Core Protection Module > Configuration > Scan Exclusion Settings for Mac > Scan Exclusion Settings. The Scan Exclusion Settings for Mac wizard opens.
- Select the Enable scan exclusions check box.
- Select Exclude Trend Micro directories (reduce false positives).
- Select Exclude BigFix directories (improves performance).
- To configure the Scan Exclusion List for files:
- Type a full file path or directory path and click E.
- To delete a path, select the file path and click Remove Selected Item.
- To configure the Scan Exclusion List (File Extensions):
- Type a file extension without a period (.) and click
Add. For example, type
pdf
.Note: Core Protection Module for Mac supports a maximum of 64 file extension exclusions. - To delete a file extension, select the extension and click Remove Selected Item.
- Type a file extension without a period (.) and click
Add. For example, type
- Click Create Configuration Task.... The Create Task screen opens.
- Type a name for the task or accept the default name. Click OK. The Take Action screen appears.
- In the Target tab, a list of endpoints that are running the CPM for Mac client opens.
- Select all applicable computers and then click OK.
- In the Action | Summary window that opens, monitor the "Status" and "Count" of the Action to confirm that it is "Running" and then "Completed."