Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012

Wildcards in path exclusions: FCS

Since the August 2009 antimalware engine update we support wildcards in path exclusions for on-demand scans (quick/full/custom scan).

It is important to note that wildcards in path exclusions do not work for Real-Time Protection; they are ignored (this does not apply to extension exclusions).

For on-demand scans, this will allow you to exclude paths such as:
"C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent"

The above example excludes the same path in all users' folders. This can improve performance for scheduled scans and on-demand scans.

Since Real-Time Protection (RTP) will not honor the wildcards, you cannot use a wildcard exclusion to prevent detection or to avoid RTP performance issues. In these cases you will have to use the full path.

Additional information about the use of wildcards:

Character: *
Exclusion type: One subfolder
Notes:

  Example 1: c:\temp is the same as c:\temp\* and c:\temp\*\

  When the wildcard is the last character in the exclusion, it is treated the same as not having the wildcard, and all subfolders will be excluded.

  Example 2: C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent

  The wildcard within the path can be used to represent a complete folder name.

Character: ?
Exclusion type: One character or null
Notes:

  Example 1: If the exclusion is c:\? and you scan c:\e, the file is excluded.

  Example 2: If the exclusion is c:\??car, both eicar and mycar would be excluded.

Eddie Bowers

Senior Support Escalation Engineer
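The wildcard rules and the RTP caveat above, modelled as an added example for auditing an exclusion list (not part of the original post and not the antimalware engine's own code). It assumes case-insensitive comparison, that neither wildcard matches a path separator, and that RTP skips every entry containing a wildcard; the function names and the sample policy are constructed.

```python
import re

def has_wildcard(exclusion):
    return "*" in exclusion or "?" in exclusion

def compile_exclusion(exclusion):
    """Regex for one path exclusion, following the wildcard rules in this post."""
    parts = exclusion.rstrip("\\").split("\\")
    if parts[-1] == "*":      # trailing '*' is treated the same as no wildcard
        parts.pop()
    regex_parts = []
    for part in parts:
        if part == "*":       # '*' represents one complete folder name
            regex_parts.append(r"[^\\]+")
        elif "*" in part:
            raise ValueError("'*' inside a folder name is not covered by the post")
        else:                 # '?' is one character or nothing
            regex_parts.append("".join(
                r"[^\\]?" if ch == "?" else re.escape(ch) for ch in part))
    # Everything below an excluded folder is excluded too.
    # Assumption: case-insensitive comparison, as for Windows paths.
    return re.compile(r"\\".join(regex_parts) + r"(\\.*)?$", re.IGNORECASE)

def is_excluded(path, exclusions, scan):
    """scan is 'on-demand' or 'rtp'."""
    for exclusion in exclusions:
        # RTP ignores wildcard path exclusions. The post does not say how RTP
        # treats a trailing '*', so this model skips every wildcard entry.
        if scan == "rtp" and has_wildcard(exclusion):
            continue
        if compile_exclusion(exclusion).match(path):
            return True
    return False

def ignored_by_rtp(exclusions):
    """Entries that only take effect for on-demand scans."""
    return [e for e in exclusions if has_wildcard(e)]

# Constructed sample policy and paths.
POLICY = [r"C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent",
          r"c:\??car", r"D:\Builds\out"]

if __name__ == "__main__":
    for path in (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Recent\a.lnk",
                 r"c:\eicar", r"D:\Builds\out\x.obj"):
        print(path, {s: is_excluded(path, POLICY, s) for s in ("on-demand", "rtp")})
    print("RTP ignores:", ignored_by_rtp(POLICY))
```

Running `ignored_by_rtp` over an exported exclusion list shows which entries still need a full-path equivalent before they have any effect on Real-Time Protection.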

Comments
  • Hi Eddie,

    Is it true that it is not possible to exclude files without adding the whole path?

    When I tried excluding winvnc.exe or *winvnc.exe it did not work.

    %programfiles%\*\winvnc.exe however did work.

    Is that per default?

    Cheers

    Sebastian

  • Hi Sebastian,

    Thanks for your question - yes, you must specify the full path to the file.

    Thanks!

  • Example 1:

    If the exclusion is c:\? and you scan c:\eicar, the file is excluded.

    This doesn't seem right... I thought ? represented 1 character, so c:\e would be excluded, but c:\eicar would be scanned. ???

  • Hi there Jon,

    Thanks for your question - you are right! I've corrected the blog post above.

    Thanks a lot!

  • Does this blog post apply to SCEP 2012 and FEP 2010, or just FEP 2010?

  • Looking for PS cmdlets to add files in the Anti-Virus Exclusion List for Forefront Endpoint.

    Hi All,

    Not sure if this is the right forum for this kind of discussion, but maybe you can provide me some pointers.

    I am trying to automate something and am looking for PowerShell cmdlets with which I can exclude some directories/files in the Anti-Virus Exclusion List for Forefront Endpoint.

    I checked the Forefront Management Shell cmdlets but didn’t find any relevant command for this.

    Thanks for your help with this,

    Prem Chugh
