Documentation

Excluded Paths

The Excluded Paths tab in Project Settings allows you to configure which folders will be ignored during permissions report generation. Excluding irrelevant or inaccessible paths can significantly improve scan performance and reduce noise in your reports.

Adding an Exclusion

Click the Add Exclusion button to add a new exclusion rule. The resulting dialog offers two exclusion types:

• Exclude path - Excludes a specific fully qualified file system path (e.g., C:\Windows or \\server\share\folder). The specified path and all of its subfolders will be skipped during scanning.
• Exclude folders named - Excludes all folders matching a specified name, regardless of their location in the file system. For example, excluding folders named temp will skip any folder named "temp" encountered during the scan.

Use the toolbar buttons to Edit Exclusion or Remove Selected exclusions from the list.

Folder Type Exclusions

These options allow you to automatically exclude folders based on their attributes or type:

• Exclude hidden and system folders - Skips folders with the NTFS Hidden or System attribute set. These are typically operating system folders that are not relevant to security audits.
• Exclude mount points and symbolic links - Prevents traversal into NTFS mount points, symbolic links (symlinks), and junction points. These redirect to other locations in the file system and can cause duplicate scanning or circular references.
• Exclude DFS links - Skips Distributed File System (DFS) link folders. DFS links redirect to other network locations, and following them may cause duplicate data collection or access issues in complex DFS namespaces.
• Exclude offline (cloud) folders - Excludes folders that are marked as offline or cloud-tiered (e.g., OneDrive, Azure Files with cloud tiering). Accessing these folders may trigger downloads from cloud storage, significantly slowing scans.
• Exclude virtual (WCI and ProjFS) folders - Skips Windows Container Isolation (WCI) folders and Projected File System (ProjFS) virtualization roots. These are used by technologies like Windows Sandbox and package managers (e.g., VFS for Git) and typically should not be audited.

Additional Options

• Show excluded folders in report results - When enabled, excluded folders will appear in the folder tree with a visual indicator showing they were skipped. This helps you verify which paths were excluded during a scan. When disabled, excluded folders are hidden from the report entirely.
• Exclude folders deeper than level - Limits how deep into the folder hierarchy the scan will traverse. For example, setting this to 5 will exclude any folders more than 5 levels deep from the root of each scanned path. This is useful for controlling scan scope on deeply nested file systems.

Important Considerations

Data Collection Impact: When a folder is excluded, no data is collected for it or any of its subfolders. This means:

• Excluded paths will not appear in the Folder Report (unless "Show excluded folders" is enabled)
• Files within excluded paths will not appear in the File Permissions Report
• File owners within excluded paths will not appear in the File Owners Report
• Share permissions are not affected by path exclusions (shares are enumerated separately)

Access Errors: Folders that cannot be accessed due to permission issues are logged in the event log but do not require explicit exclusion rules. Permissions Reporter automatically handles access denied errors gracefully.

Common Exclusion Patterns

Consider excluding the following paths for typical security audits:

• C:\Windows - Operating system files
• C:\Program Files and C:\Program Files (x86) - Application binaries
• C:\$Recycle.Bin - Recycle bin (per-user security)
• Folders named node_modules, .git, or bin - Development artifacts
• Backup and archive folders that are not in scope for the audit