The Scan Exclusion List is more complex to manage than the Scan Inclusion List. In the Scan Inclusion List, only explicitly approved items are listed to be scanned. However, in the Scan Exclusion List, all files, folders, processes etc. that need not be touched should be identified and listed, otherwise they will be scanned by default.

To put it simply, the Scan Inclusion List is for targeted scanning, while the Scan Exclusion List is for targeting items not to be scanned. Both lists require regular review and updates as software configurations change and files may need to be added or removed from the lists.

The effectiveness of both lists depends on how they are configured and implemented. To ensure an accurate Scan Exclusion List, we recommend involving the Application/Server owner to list the known processes, files, and paths used by the actual application and refer to the available application support resources. This will provide a better understanding of which items can be excluded from scanning, and which should be included for targeted scanning.