
criteria for excluding files, folders, IP, web addresses


I would like some insights about criteria for excluding items from a scan.  Malwarebytes provides very basic instructions for how to exclude items but I can't find any information about the criteria for doing so.  


The assumption seems to be that users are either simpletons or advanced users.   However, I (and presumably many others) fit in neither category.


Web addresses I know to be safe could probably be excluded but how do I know if a folder or file could be considered immune from infection?  Where is information about this that is geared to people like me?


Thank you.



Unfortunately the very nature of a user-controlled exclusions interface has no such criteria. It is entirely up to the user to decide whether or not they wish to exclude a particular item, otherwise we would simply ship the product with a built in white list.

There are many reasons a user might wish to exclude an item and the circumstances which might influence a user to exclude an item can vary greatly, but here are a few of the most common:

  • Compatibility with other software - Most commonly this would be something like another security application such as the user's antivirus application. Users will often exclude their other security software's folders and files from one another when possible in order to either resolve existing conflicts or performance issues or to prevent them. It is also possible (though rare) that the user has installed some piece of software which is not a security application yet exhibits some sort of conflict or performance problem when run alongside Malwarebytes Anti-Malware or some other security application. In cases like this, such problems might also be resolved by excluding the application.
  • Improving scan times - Sometimes users are very restrictive of certain locations from being scanned due to the user themselves monitoring the location closely to ensure no files exist there which they do not trust or which are all of a specific file type that they believe is benign (I am not going to speculate as to whether or not this is always valid however, as I have seen many forms of malware that themselves imitate such benign file types such as MP3s, picture files, documents or videos) and they want these locations skipped from being scanned in order to reduce scan times. For example, a user might exclude their music folder which could contain thousands of music files.
  • PUP (Potentially Unwanted Program) detections - There are cases where Malwarebytes might detect an object on the system as a PUP, but the user is aware of what the item is and they wish to continue using it, such as a toolbar that might track their browsing habits and/or display advertisements and/or skewed/sponsored search results. Rather than always telling Malwarebytes not to remove the item whenever it is detected, they might instead add the item to their exclusions so that it is no longer detected at all.
  • False positives - If an item is detected that the user knows is safe, they might choose to add the item to their exclusions. This however is not recommended because if it is a true false positive, it would be far more helpful not only for that user, but for all users if they instead reported it to Malwarebytes so that our Research team could get the false positive corrected. It is also possible that the user might be mistaken about the detected item actually being a false positive and they could in fact be excluding an item that is truly malicious.

I apologize if that's information overload, but I wanted to provide as reasonable and informative of a response as I could for such a potentially broad sweeping aspect of the application and the way that users might utilize it.

With regards to websites (which you'll note I did not include in my list above), you are quite correct that the most common reason for using that aspect is to exclude a website which the user believes to be safe to visit (or they simply choose to take the risk as whatever content the site might contain is more important to them than the possible risk to their system).

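The "Improving scan times" point above notes that malware can imitate benign file types such as MP3s or pictures. As an added example (not part of the original posts and not Malwarebytes code), the following Python sketch checks a folder before it is excluded: it flags files whose first bytes do not match their extension, and any file type the folder is not supposed to contain. The extension list, function names and sample files are assumptions made for illustration.

```python
import os
import tempfile

# Headers of executable formats that should never sit behind a media extension.
EXECUTABLE_MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}
# Extensions the folder is expected to hold (assumed list), with their usual headers.
EXPECTED_MAGIC = {".mp3": (b"ID3",), ".jpg": (b"\xff\xd8\xff",),
                  ".png": (b"\x89PNG\r\n\x1a\n",)}

def classify(path):
    """Return None when the header fits the extension, otherwise a reason string."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return f"{kind} content behind a '{ext}' name"
    if ext not in EXPECTED_MAGIC:
        return f"unexpected file type '{ext}'"
    # MP3 files without an ID3 tag begin directly with an MPEG frame sync (11 set bits).
    sync = ext == ".mp3" and len(head) > 1 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0
    if sync or head.startswith(EXPECTED_MAGIC[ext]):
        return None
    return f"header does not look like '{ext}'"

def audit_folder(root):
    # Walk root and collect (relative path, reason) for every file that fails classify().
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return findings

def demo():
    # Constructed sample files: only the first bytes matter for this check.
    samples = {
        "song.mp3": b"ID3\x04\x00", "raw.mp3": b"\xff\xfb\x90\x00",
        "cover.jpg": b"\xff\xd8\xff\xe0", "notes.txt": b"hello",
        "photo.png": b"hello",
        "track07.mp3": b"MZ\x90\x00",  # executable header under a music name
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return dict(audit_folder(root))

if __name__ == "__main__":
    print(demo())
```

A clean result only rules out the crude disguise of an executable renamed to a media extension; it does not show that a folder is immune from infection, so re-run the check whenever new files are added to an excluded location.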