Exclusions not working

Hello,

I have a file that CCS keeps quarantining no matter what I do to exclude it. I have rated the file as trusted and added the exe file name and the path to the exe in all exclusion profiles, yet it STILL keeps getting caught.

This file below is in the quarantine. It's rated as trusted. It's excluded. Yet every time I restore it from quarantine, it goes right back in.

The paths have been blanked for privacy reasons. Here is the path where that exe lives in the exclusions on the profile for this server (last entry).

What am I missing here to exclude this file?

Hello @eztech,

To fix this issue, please follow our Help Guide links below (in order):

1.) Create File Group(s) - see attached file
See here: Create And Manage File Groups, Security Manager, Manage File Groups, Endpoint Manager

  • Once created, you may now add all files that you want to exclude/whitelist. Make sure you put the exact path.
  • You can also use wildcards (also shown in the attached file).

2.) Add the File Group(s) in Containment Exclusions
See here: Containment Settings, Containment Computer Security, Desktop Software, Endpoint Manager

3.) Add the File Group(s) in Antivirus Exclusions
See here: Antivirus Settings, Antivirus Software, Virus Scan, Endpoint Manager | Xcitium

4.) Add the File Group(s) in Application Rules under Firewall Settings and Allow
See here: Firewall Settings, PC Firewall, Firewall Protection, Endpoint Manager

We look forward to a positive outcome.

ITSMwhite-listingbypath-210317-1933-22.pdf (299 KB)

Dear Anna,

This does not work.

I have a few tickets open currently with support on this which I updated yesterday as I was informed it was fixed with the latest V10, and it is not.

PS
Works perfectly in V8.
Maybe we can use that section of code?

@eztech

I would beg you not to add anything to your containment exclusions unless you really have to.
This is completely dangerous as I have found out; after getting a worm into a client the first thing Comodo infection specialists say / do is stop your exclusion rules as that is why or how it is getting around the AV.

Hard lesson we have learnt; we use it for one client and their DOS app only now, where everyone else is locked tight.

Hello @StrobeTech,

We appreciate your suggestions and your sharing your experience. Our development team is surely working on the fix/improvement based on the reported issues and suggestions to build a much-improved, better product and services based on everyone’s cooperation and suggestions.

@eztech,

Please let us know if you need further assistance on the reported issue so that we can assist you further with the exclusion. You may also use the Valkyrie service to analyze the file by submitting metadata, and it will create an auto-whitelisting when no suspicious activity is detected. You may refer to the link below for further details.

https://help.comodo.com/topic-399-1-786-10208-Valkyrie-Settings.html

Thank you,

I would love to not use exclusions if the AV would stop flagging important files and breaking applications after I have set the file as trusted. What is the point of setting a file as admin trusted? It clearly doesn't do anything. To me that means it should auto exclude that file from any detection.

@Samuel_C
Done this already. Didn’t work. HOWEVER, there must have been a fix in the last update. After the update I recovered it from quarantine and so far it hasn't gone back. So surely a bug, and I’m hoping it stays fixed.

Still quarantining at our end, I'm afraid.

Hello @StrobeTech,

We appreciate the update. May we request that you respond to the associated support ticket, together with the requested output of cisreporttool.exe, once available? Thank you.

Yep, the same file just got quarantined again for me. Setting as trusted not working.

Hello @eztech,

We have sent you an email regarding this issue for the process of resolving this case.

Thank you for your patience.

How can we find out if the white list has been updated and pushed to the endpoint? What is the process after the file has been marked as safe? Do the endpoints have a local copy or do they do a lookup online?

Hello @dittoit,

You may verify if the whitelist has been updated via the ITSM Dashboard > Valkyrie > Valkyrie File Verdict section; it will show the number of whitelisted files. When the auto-whitelisting is enabled, the file will be whitelisted. Lookup online and CCS downloads the admin rating database once per hour. This database is in binary format and can’t be viewed by the user on the endpoint.