PROTECTION EXCLUSIONS
      Back to home
      1. Knowledge Base
      2. SETTINGS
      3. PROTECTION EXCLUSIONS

      🆕Protection exclusions

      Define specific websites, applications, or external devices that should be excluded from Safetica protection to ensure their correct operation while maintaining overall security.

      Introduction

      Protection exclusions allow trusted resources to work without interference from Safetica while preserving overall security.

      In rare cases, Safetica may undesirably interfere with a company's environment or cause technical conflicts. To address such issues, admins can configure protection exclusions for trusted company assets.

      🍏macOS limitation: For now, Protection exclusions do not apply to macOS devices.

      In Protection exclusions, you can exclude from Safetica protection:

      You can also:

       

       

      View the list of manually excluded or included resources

      The Protection exclusions section contains two main tabs:

      • Excluded: Displays all websites, external devices, and applications that were excluded from Safetica protection.
      • Included: Displays applications manually included in Safetica protection.

      You can filter the table by type (website, external device, application) or by name of the website, device, or app.

       

       

       

      Exclude trusted websites

      If Safetica disrupts access to a trusted website that doesn’t need protection, admins can whitelist it. Websites or IP addresses can be excluded from SSL/TLS inspection so that Safetica will not affect their secured communication. This is particularly useful for websites that require specific certificates or use HTTP/3. This ensures uninterrupted access for users while maintaining overall security.

      ✍️Use case: Troubleshooting issues when a well-established website cannot be accessed by users with installed Safetica Client.

      Examples of trusted websites: Government portals, banking websites.

       

      How to exclude a trusted website

      1. In Safetica console, go to Settings > Protection exclusions.
      2. Click Exclude and go to the Websites tab.
      3. Enter the domain name or IP address of the websites you want to exclude.
      4. Click Exclude website.
      5. The websites will be added to the Protection exclusions list.

      ✍️Tips:

      • Add multiple websites at once, separated by a comma.
      • You can exclude domain names and IP addresses:
        • IP addresses, including ports (e.g., 192.168.10.10 or 192.168.10.11:443).
        • CIDR ranges or subnet masks (e.g., 192.168.0.0/24).
        • Domains and subdomains (e.g., google.com or maps.google.com)
        • Entire domains with all subdomains using wildcards (e.g., *.office.com).
      • URLs with protocols or directories are ignored (e.g., https://www.company.com or company.com/our-profile).  

       

       

       

      Exclude problematic external devices

      You can exclude external devices that do not work correctly with Safetica and don’t need protection (i.e., those without storage). This ensures that external devices with compatibility issues will work for users.

      ✍️Use case: Troubleshooting external devices that do not work correctly when connected to a computer with Safetica.

      Examples of problematic external devices: Docking stations, peripherals (keyboards, headphones), security tokens.

       

      How to exclude a problematic external device

      1. In Safetica console, go to Settings > Protection exclusions.
      2. Click Exclude and go to the External devices tab.
      3. Enter the hardware ID or compatible IDto identify the device.
      4. Click Exclude device.
      5. The external devices will be added to the Protection exclusions list.

      ✍️Tips:

      • You can exclude external devices based on hardware ID or compatible ID.
      • You can exclude individual devices or entire device types, such as:
        • USB\VID for all USB devices
        • USB\HARDLOCK for all hardware keys

      • To locate hardware IDs and compatible IDs:

        • On Windows: Open Device Manager(right-click Start and select Device Manager).
        • On macOS: Open System Information.

      🪟Windows: A problematic external device may display a general error code in the Device Manager, which defines the conflict between it and Windows. You can find the most common error codes here.

       

       

       

      Exclude or include applications

      Protection exclusions define which applications Safetica audits and protects on devices. By default, Safetica includes a predefined list of applications under its protection. However, admins can override these settings and manually include or exclude specific apps.

      To audit and protect file operations and network communication of an app with data policies, the app needs to be included.

      If an app is excluded, Safetica will only record that it was running in the Apps section. It will not record any file operations performed by the app, and data policies will not be enforced.

      Exclude applications

      In rare cases, Safetica may cause an application to slow down, freeze temporarily, or it may interfere with their network communication. If an application is negatively affected by Safetica, it can be excluded to ensure it continues to work correctly for users. While exclusion minimizes auditing, it does not disable it entirely.

      ✍️Use case: Troubleshooting apps that you suspect are negatively affected by Safetica.
      Examples of excluded apps: Custom or newly introduced apps that may experience compatibility issues.

      Include applications

      If an app is not protected by Safetica by default but requires improved auditing and protection, it can be included manually. This is particularly useful for business-critical apps that require increased control.

      ❗Inclusion may cause technical issues for which the admin takes responsibility.

      ✍️Use case: Strengthening auditing and protection for critical apps.
      Examples of included apps: Apps that are not in Safetica’s default list or previously excluded apps where issues have been resolved.

       

      How to exclude or include applications

      1. In Safetica console, go to Settings > Protection exclusions.
      2. To exclude an app: Go to the Excluded tab, click Exclude, and go to the Applications tab.
      3. To include an app: Go to the Included tab and click Include.
      4. You will see a list of all currently excluded and included apps, along with their status:
        1. Excluded: Part of Safetica’s default exclusion list.
        2. Excluded (manual): Excluded manually by an admin.
        3. Excluded by Safetica (don’t include): Apps identified as not working correctly, with a fix planned for a future Safetica Client version. Including such apps is not recommended due to known issues.
        4. Included: Part of Safetica’s default inclusion list.
        5. Included (manual): Included manually by an admin.

        The First occurred column displays when an application was first detected on any of your devices. The most recently detected apps appear at the top of the list.

          5.  Select the apps you want to include/exclude and confirm.
          6.  The apps will be added to the respective Protection exclusions list.

         

         

         

        How to delete an exclusion

        To delete an exclusion that is no longer needed:

        1. Select the resources (website, external device, or application) in the Protection Exclusions list.
        2. Click Delete and confirm.

         

         

        FAQ

        Q: Can I add an IP address range to excluded websites (e.g., 10.10.10.0/24)? Can I exclude a range of IP addresses (e.g., 10.10.10.0/24)?

        A: Yes, you can exclude a CIDR range / subnet mask.