User guide
K A S P E R S K Y A N T I - V I R U S 2 0 1 0
104
EXCLUSION RULES
Potentially dangerous software does not have any malicious functions but can be used as an auxiliary component for a
malicious code, since it contains holes and errors. This category includes, for example, remote administration programs,
IRC clients, FTP servers, various utilities for halting or concealing processes, keyloggers, password crackers, autodialers,
etc. These programs are not classified as viruses (not-a-virus). They can be subdivided into different types, such as
Adware, Joke, Riskware, etc. (for more details on potentially dangerous programs detected by the application see the
Virus Encyclopedia at www.viruslist.com). After the scan, such programs may be blocked. Since several of them are
widely used by users, you have the option of excluding them from the scan.
For example, you may frequently use the Remote Administrator program. This is a remote access program which allows
you to work on a remote computer. Kaspersky Anti-Virus views the activity of this program as potentially dangerous and
may block it. If you do not wish the application to be blocked, you should create an exclusion rule for the application
which is detected as not-a-virus:RemoteAdmin.Win32.RAdmin.22 according to the Virus Encyclopedia.
Exclusion rules are sets of conditions that Kaspersky Anti-Virus uses to verify if it can skip the scan of an object.
You can exclude files of certain formats from the scan, use a file mask, or exclude a certain area (for example, a folder or
a program), program processes, or objects according to the Virus Encyclopedia's threat type classification.
Threat type is the status Kaspersky Anti-Virus assigns to an object upon scanning. A status is assigned based on the
classification of malicious and potentially dangerous programs listed in the Kaspersky Lab's Virus Encyclopedia.
Adding an exclusion creates a rule that can be used by several application components (such as File Anti-Virus (see
section "Computer file system protection" on page 41), Mail Anti-Virus (see section "Mail protection" on page 51), Web
Anti-Virus (see section "Web traffic protection" on page 58)), and by virus scan tasks.
To create an exclusion rule, please do the following:
1. Open the main application window and click the Settings link in the top part of the window.
2. In the window that will open, select the Threats and exclusions section.
3. In the Exclusions section, click the Settings button.
4. In the window that will open, on the Exclusion rules tab, click the Add link.
5. In the Exclusion rule window that will open, edit the exclusion rule settings.
SEE ALSO:
Additional exclusion settings ......................................................................................................................................... 104
Allowed file exclusion masks ......................................................................................................................................... 105
Allowed threat type masks ............................................................................................................................................. 105
A D D I T I O N A L E X C L U S I O N S E T T I N G S
For certain objects (by threat type), in the Advanced settings field, you can specify the advanced conditions of the rule's
application. For example, it may be necessary to specify advanced settings in the following cases:
Invader (intrusion into the applications' processes). For this type of threat, you can give a name, mask, or
complete path to the object being embedded (for example, a .dll file) as an additional exclusion condition.
Launching Internet Browser (launching the browser with certain settings). For this type of threat, you can specify
browser startup settings as additional exclusion settings. For example, you wish to allow the browser's startup
for the www.kaspersky.com domain using a link from Microsoft Office Outlook. To do so, specify the Microsoft
Office Outlook application as an exclusion Object, Launching Internet Browser as a Threat type, and enter an
allowed domain mask in the Advanced settings field.