Scan exclusions allow for the bypassing of items based on type and item name. The screenshot below demonstrates the exclusion of the following IIS Servers.

  • DEMO-SRV01
  • DEMO-SRV02
  • DEMO-SRV03
  • DEMO-SRV04


Wildcards can be used at the start of end of an item name - for example DEMO-SRV* will exclude any item whose name starts with DEMO-SRV. Entering a value of * will exclude all items of that type.

Remove all exclusions

Clicking remove all exclusions will remove all exclusions configured for all item types in this scan profile

Detection Support

Exclusions are applied regardless of how the item was assigned including

Logging Output

When an item is bypassed this is written to the diagnostics trace log. The message format is as follows.

Bypassing adding a new 'Item Type' scan task for target 'Target Name' as this target is configured as an exclusion in the scan profile.

Active Directory Search

Please note that when using the Active Directory Search if using the Use Fully Qualified Domain Names setting you must use this naming format for the exclusions for example or