Athena EPP (Endpoint Protection Platform)

Athena EPP (formerly Sangfor Endpoint Secure) integrates NGAV, EDR, and endpoint management into a single, powerful solution for comprehensive endpoint protection.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
6.0.4R4
Athena EPP (Endpoint Protection Platform) {{ breadTitle }} User Manual Getting Started Policies Exclusions
{{sendMatomoQuery("Athena EPP (Endpoint Protection Platform)","Exclusions")}}

Exclusions

{{ $t('productDocDetail.updateTime') }}: 2026-04-09

When you find a false positive security event, you can exclude it by file name, file path, or file extension. Excluded files and directories will not be checked in virus scanning, real-time monitoring, or web shell detection.

4.6.3.1 Excluded Extensions

The virus detection module does not scan or detect files with the specified extensions.

4.6.3.2 Excluded Paths

The virus detection module does not scan or detect files in the specified excluded paths.

File exclusion: To exclude a file, specify the path to the file. The path string ends with the file name rather than a backslash (\), for example, D:\2022\10 tools\test.

Directory exclusion: To exclude a directory, specify the path to the directory. The path string ends with the directory name and a backslash (\), for example, D:\2022\10 tools\test\.

4.6.3.3 Excluded IOAs

When the IOA engine detects an advanced threat event, you can add it to IOA exclusions. You can also edit or delete an exclusion rule.

4.6.3.4 Event Whitelists

You can add security events identified in intrusion detection, such as brute-force attacks, suspicious scans, application vulnerabilities, and memory backdoors, to the event whitelist.