If you add an exclusion to the High-Risk or Low-Risk profile, it gets excluded from the scans. It’s excluded only if one of the processes or applications included in the list of processes defined in the corresponding profile accesses it.
So, the exclusion would not apply to processes and applications that would be scanned using the default profile.
Example:
Suppose you have a custom-built application that you trust entirely, and which accesses a specific file repeatedly. You can place that application in the Low-Risk profile and exclude the accessed file from scanning under the Low-Risk profile.
If the excluded file is later accessed through Internet Explorer, access gets scanned. The reason is because Internet Explorer is not defined as the low-risk process with the exclusion for that file. Exclusions in risk groups work only if it matches with the processes that are already defined in the same risk group.
