Is it possible to UNDO an AV Exclusion ?

I used Windows Explorer to look at a folder, and got an A.V. alert.

The default 120 seconds is NOT enough to properly evaluate the situation, and an upper limit of 999 seconds is a rush.

I chose ignore once - and because it was still in the explorer field of view I got another Alert.

HELP was useless, according to that the results of SAFE and EXCLUSION are identical.

I now believe that SAFE is reversible.

The only option for an excluded file is REMOVE.
HELP IS USELESS - it fails to tell me the consequence of REMOVE.

Please explain :-

  1. Does remove cancel the membership of the exclusion list so that it will be subject to future AV scans ?
  2. Or does it permanently delete the selected item so it will never again be a threat ?
  3. If remove does kill the file, is there any way to reverse the situation ?

N.B. I have excluded some false positives because at the time I had no time (actually 120 seconds) to determine that SAFE was the reversible option.
If they remain excluded then should a future update introduce malware I will be unprotected.


Hi Alan

The Remove button (under Scanner Setting - Exclusions) only removes the exclusion entry, not the file itself. Exclusions only impacts the AntiVirus components in the sense that the AV will not scan or detect the excluded file. Safe Files (Defense+) are very different in the sense, that it has no impact on the AV component and Safe Files are treated as “safe” by Defense+ only (basically no alerts). Defense+ does not pay any attention to the AV exclusion list as far as I’m aware.

I hope that answers your queries.

[i]PS In all CIS components (Firewall, Defense+ & AV) you can change the amount of time that an alert remains on the screen to get more time to answer if you need it. Personally, I use 999 seconds (the maximum) for the AV and 600 seconds for the Firewall and Defense+. The times are fairly arbitrary on my part, no real logic to it really. :slight_smile:



Thank you. Yes that fully answers my needs.

I cannot resist commenting that CANCEL would be a better label, but I guess it is too late now ! !


It’s never too late Alan. Remember that V4 is currently in development. So, start your CANCEL campaign now! :wink:

Also, I added a bit more to my above post in a PS (sorry about that). :slight_smile:


I already found where to alter the time limit and decided that 3600 seconds was enough time for a lunch break or a Google - so disappointed when I found it would not go above 999 seconds.

I did think of trying zero seconds so it would count down to negative infinity and then via positive infinity back to zero and finish - but not many people would think of that, and not many software developers would allow for unexpected input parameters - I know because I have inherited other “designers” released products and become responsible for the maintenance ! ! !