Exclusions

Exclusions in Tenable Vulnerability Management are rules that prevent scanners from running on a specific target. They allow you to designate which assets you do not want to be scanned, which can be useful for avoiding performance issues on sensitive systems or for preventing duplicate assets from being scanned. You can use exclusions to restrict the scanning of specific hosts based on a selected schedule.

Note: Exclusions do not apply to agent scans.

Note: If a target has been moved to a different network, you must update any related exclusions. Otherwise, the target may be blocked from scanning.

Important: Tenable does not recommend applying exclusions to PAM integration servers. This prohibits Tenable Vulnerability Management from accessing those credentials and, as a result, Tenable Vulnerability Management cannot run scans using them.

Caution: Scan exclusions for IP addresses apply only to network-based scanners assigned to a specific network. However, web application scanner exclusions are global and not network-specific. For example, if you configure an exclusion on Network A, that exclusion also prevents a web application scanner from scanning a target in Network B.

For more information on exclusions, see the following topics: