Skip to main content
Version: GuardMode 2026.1

πŸ†• Profiles

GuardMode Agent 2026.1 supports the use of profiles to provide flexible and context-specific configuration of excluded paths during scans. Profiles allow for overriding default exclusions or applying different exclusion sets, depending on the scan target. This enables administrators to maintain tailored ransomware protection strategies for different environments or workloads, such as mounted snapshots in vStor.

Restrictions.

Profile management is available only through the GuardMode REST API and the Swagger interface. Swagger provides a complete, interactive list of all available API endpoints. For more details, see Configuring GuardMode Agent using Swagger.

Profile Concepts​

A profile consists of:

  • a unique identifier (profile ID),
  • a unique name,
  • an optional startup flag indicating whether the profile should be used when the agent starts.

GuardMode has three built-in profiles:

  • default-linux
  • default-windows
  • default-vstor
Note.

The default-vstor profile is only used on vStor machines and should never be selected for Windows or Linux GuardMode Agent installations.

The agent automatically selects the appropriate built-in profile for the operating system family it is running on, unless another profile is explicitly marked as the startup profile.

Note.

Only one profile can be marked as the startup profile. If none is marked, the agent falls back to the OS-specific built-in profile and records this selection in the log.

Profile Management​

Profiles can be managed through the GuardMode API only. Supported operations include:

  • Getting all profiles – display all profiles available to the agent.
  • Creating a profile – define a new profile with a unique name.
  • Getting the default profile – retrieve the profile currently in use.
  • Updating a profile – modify profile data or change the startup flag.
  • Deleting a profile – remove a profile and all associated data.
  • Cloning a profile – copy a profile under a new name.
  • Getting a profile’s content – display the list of excluded paths related to the profile.
[image expected here]
Restrictions.
  • The currently used profile cannot be deleted.
  • Built-in profiles (default-linux and default-windows) cannot be deleted.
Tip.

Profiles, including the default ones, can be cloned. This allows administrators to quickly create profile variants with minor adjustments.

Exclusions and Profiles​

Excluded paths are always attached to a specific profile. Existing exclusions are assigned to the appropriate built-in profile during upgrade. When creating new exclusions, a profile ID must be provided.

For backwards compatibility:

  • v1 exclusion endpoints continue to function, automatically attaching exclusions to the appropriate built-in profile for the current OS family.
  • v2 exclusion endpoints require an explicit profile ID.

Profiles in Scans​

Scans may optionally be executed with a profile identifier:

  • If no profile is specified, the agent uses the startup profile (or falls back to the OS-specific built-in profile).
  • If a profile is specified, the agent applies its exclusions as defined, without applying OS-specific filtering.

This mechanism supports advanced use cases, such as scanning vStor snapshots where Windows-specific directories (e.g., /system32) need to be excluded while the agent itself runs on Linux.

OS-Specific Considerations​

  • Excluded paths must conform to the format of the operating system where the agent is running.
  • Profiles are not transferable between agents.
  • Built-in profiles retain OS-sensitive default exclusions.

This ensures consistency while allowing administrators to define additional, environment-specific exclusions as required.