Excluding files and folders from EDD scans

After reviewing the results of an EDD scan, you may find that there are files and folders that you want to exclude from the results. You can create a scan exclusion to instruct the DAR component A lightweight software component of the Secure Endpoint Agent that detects at-risk data stored on a Windows or Mac device during an EDD scan. The DAR component is deployed on a device only when the device is associated with a policy group in which the Endpoint Data Discovery policy is activated. to skip over a specified file or folder during an EDD scan.

Specifically, you can exclude:

  • Files with a particular file extension

    Note that you can't exclude files by file name.

  • Folders

Scan exclusions apply to all devices in your account with an activated Endpoint Data Discovery policy.

After you add a new scan exclusion, updated Match Scores won't show in the console until the next scheduled EDD scan results are uploaded from each device. Alternatively, you can request an EDD scan to see updated results sooner.

To access the Scan exclusions page:

  1. Log in to the Secure Endpoint Console as user with the Manage permission for Endpoint Data Discovery.
  2. On the navigation bar, click Policies > EDD Rules.
  3. At the top of the sidebar, click Scan exclusions.

The information on the Scan exclusions page is organized in the following report columns:

  • Exclusion: the file extension or folder that is skipped when an EDD scan occurs on a device

    Folders are indicated by a icon; file extensions are indicated by a icon. To view the file type associated with a file extension, hover over the file extension. If the file extension is not a known extension, Unknown shows.

    This column also shows the operating system that a folder scan exclusion applies to, and a Remove icon.

  • Last modified: the date the scan exclusion was added or edited, and the associated user

To search for a folder or file extension, enter it in the Search field and click Search.

To filter the items, click the Exclusion type quick filter and select Folder or File extension. Click outside the filter to apply your change.

You can add a new scan exclusion from the Scan exclusions page. You can also add a scan exclusion when you're reviewing a file's EDD matches.

When adding new scan exclusions, note that there is a maximum number of scan exclusions allowed per account:

  • File extensions: 100

  • Folders: 200

To exclude a file extension or folder:

  1. On the Scan exclusions page, do one of the following:

    • To exclude a folder:

      1. Click Exclude folder.

      2. In the field that opens under Exclusion, enter the full path for the folder.

        Ensure that you use back slashes (\) for Windows paths and forward slashes (/) for Mac paths. The applicable operating system icon is shown as soon as you type a slash.

        For help entering a path, and to view supported wildcards, click View examples. To close the Exclusion pattern dialog when you're done, click .

    • To exclude one or more file extensions:
      1. Click Exclude file extension.
      2. In the field that opens under Exclusion, begin typing the file extension that you want to exclude. Do not include the period (.).

      3. Select the extension from dropdown list. The file extension is added.

      4. Repeat steps b and c for each file extension that your want to exclude. To remove an item, click its x icon. To edit an item click its icon, and update the text.
  2. Click outside the field. The item is added. If you entered multiple file extensions, they are added as separate items. Unsaved shows in the Last modified column.
  3. [Optional] To add another scan exclusion, repeat steps 1 and 2.
  4. [Optional] To remove an item, click its (Remove) icon.
  5. [Optional] To remove your changes, click Undo.
  6. When you're finished, click Save.

You can add a scan exclusion while you're reviewing a file's EDD matches from any of the following pages or reports:

In this case, two new scan exclusions are added by default:

  • An exclusion containing the full path to the file you are reviewing

  • An exclusion containing the file's file extension

You can edit or remove these default scan exclusions, or add additional ones.

To add an additional scan exclusion:

  1. Log in to the Secure Endpoint Console as user with the Manage permission for Endpoint Data Discovery.
  2. Navigate to any EDD related page that shows linked file names in the result grid. For example, open the Reporting Data report in the Reports area.
  3. In the File name column, click the file name of the file you want to exclude.
  4. In the dialog that opens, click Add scan exclusion.

  5. Do one or more of the following:

    • To remove either of the default scan exclusions, click its (Remove) icon.

      If the file extension is already excluded, an error message shows. Click the scan exclusion's (Remove) icon to resolve the error message.

    • To edit a default scan exclusion, click the scan exclusion, make the desired edits., and click outside the field. The item is added.

    • To add a folder scan exclusion:

      1. Click Exclude folder.

      2. In the field that opens under Exclusion, enter the full path for the folder.

        Ensure that you use back slashes (\) for Windows paths and forward slashes (/) for Mac paths. The applicable operating system icon is shown as soon as you type a slash.

        For help entering a path, and to view supported wildcards, click View examples. To close the Exclusion pattern dialog when you're done, click .

      3. Click outside the field. The item is added.

    • To add one or more file extension scan exclusions:
      1. Click Exclude file extension.
      2. In the field that opens under Exclusion, begin typing the file extension that you want to exclude. Do not include the period (.).

      3. Select the extension from dropdown list. The file extension is added.

      4. Repeat steps b and c for each file extension that your want to exclude. To remove an item, click its x icon. To edit an item click its icon, and update the text.
      5. Click outside the field. The item is added. If you entered multiple file extensions, they are added as separate items.
  6. [Optional] To remove an item, click its (Remove) icon.
  7. When you're finished, click Exclude from all device scans.

To edit scan exclusions:

  1. On the Scan exclusions page, click the scan exclusion.

  2. Make the desired edits and click outside the field. Unsaved shows in the Last modified column.

  3. To edit more scan exclusions, repeat steps 1 and 2.

  4. [Optional] To remove your changes, click Undo.

  5. Click Save.

To remove scan exclusions:

  1. On the Scan exclusions page, click the (Remove) icon next to each scan exclusion you want to remove. The item is removed.

  2. [Optional] To remove your changes, click Undo.

  3. Click Save.