General settings

The general settings enable you to configure how Advanced EDR behaves with respect to updates, the removal of competitor products, and file and folder exclusions from scans.

Local alerts

Field Description

Show malware, firewall, and device control alerts

In the text box, type a custom message to include in the alert. The Advanced EDR agent will show a pop-up window with the content of the message. This feature is available for computers with a Windows, macOS, or Linux operating system installed.

Show an alert every time the web access control feature blocks a page

A pop-up window displays on the workstation or server every time Advanced EDR blocks a web page. This feature is available for computers with a Windows or macOS operating system installed.

Fields in the Local Alerts section

Updates

For more information about how to update the agent, the protection, and the signature file of the client software installed on user computers, see Product updates and upgrades.

Uninstall other security products

For more information about how to configure the action to take if another security product is already installed on user computers, see Protection deployment overview.

For a complete list of the competitor products that Advanced EDR uninstalls automatically from user computers, see Supported uninstallers.

Files and paths excluded from scans

Configure items on your computers that you do not want the security software to block, delete, or disinfect when it scans for malware.

Exclusions disable advanced protection for the specified files and file paths. Because this setting can cause potential security issues, we recommend that you only exclude files and paths to resolve performance problems.

Exclusions set by a partner

By default, you cannot edit or delete the workstations and servers settings profiles inherited from your service provider. However, the service provider can configure settings profiles to be editable, in which case the setting profile shows the label Editable exclusions. In such case, you can add exclusions in the General (Files and paths excluded from scans), Advanced protection (Anti-exploit, Code injection), and Advanced protection (AMSI) sections, but you cannot delete or edit the list of exclusions defined by the service provider.

If your service provider changes the status of the settings profile from editable to non-editable, the exclusions you added no longer apply. Only the exclusions from the service provider apply. If the service provider changes the configuration again to be editable, then the exclusions you previously added are restored and applied..

Exclude the following disk files

Specify the files on the hard disk of your protected computers that you do not want Advanced EDR to delete or disinfect.

We recommend that you use wildcards for Windows computers or substring matches for Linux/macOS computers as little as possible to be as specific as possible with regard to the files to exclude from scans.

Field Description

Extensions

Specify the extensions of files you do not want to scan.

Folders

Specify the folders whose files you do not want to scan.

Windows:

  • You can use system and user variables.

  • You cannot use user-created variables.

  • You cannot use willdcards.

Linux/macOS:

  • You cannot use system or user variables.

  • You can specify partial paths.

Files

Specify the files you do not want to scan.

Windows:

  • You can use the wildcard characters ? and * when you do not specify the path and you indicate the file name only.

  • You cannot use wildcards when you specify the full path to a file.

  • If you do not specify a file path, the file is excluded from scans in all folders where it is located. If you specify the path, the file is excluded from scans only in that folder.

Linux/macOS:

  • You cannot use wildcard characters ? or *.

  • If you do not specify a file path, the file is excluded from scans in all folders where it is located. If you specify the path, the file is excluded from scans only in that folder.

  • You can specify the partial name of a file.

Disk files you do not want Advanced EDR to scan

To prevent advanced protection from blocking trusted software, even temporarily, and make sure that telemetry data is sent to Cytomic to analyze application behavior, we recommend that you use the authorized software module instead of exclusions. For more information, see Authorized software settings.

Example: Exclude files on Windows computers

To exclude file C:\Users\mike\desktop\data.txt:

  • Files = C:\Users\mike\desktop\data.txt (recommended option).

  • Files = data.txt (not recommended; this excludes all data.txt files regardless of their path).

  • Files = C:\Users\mike\desktop\data.* (wrong; you cannot exclude files using widcards when you specify the path).

Example: Exclude paths on Windows computers

To exclude folder C:\Users\mike\desktop\:

  • FoldersC:\Users\mike\desktop\ (recommended option).

  • Folders = C:\Users\%USERNAME%\desktop\ (excludes the desktop folder for all of the computer users).

  • Folders = C:\Users\*\desktop\ (wrong; you cannot exclude folders using widcards in paths).

Example: Exclude files or folders on Linux/macOS computers

To exclude file /home/mike/data.txt:

  • Files/home/mike/data.txt (recommended option).

  • Folders/home/$USER/ (wrong; you cannot use environment variables).

  • Files/home/mike/*.txt (wrong; you cannot use wildcards).

  • Files = mik (not recommended, this excludes all files whose name or path contains the mik substring).