On a day-to-day basis I receive quite a lot of requests to add new exclusions on the company Antivirus Solution (System Center Endpoint Protection).

At first I was adding them the old-fashioned way, e.g. C:\Temp\archives\Old, but I stumbled upon a list of wildcards available for SCEP and soon started to put it to good use and standardize all the new exceptions I add.

Wildcard characters

The following wildcard characters may be used when you create exclusions:

    • The asterisk (*) may be used instead of any number of different characters in a file name or folder path:
      • C:\MyData\my*.zip
      • C:\somepath\*\Data
      • .t*t

 

    • The question mark (?) may be used instead of any single character in a file name or folder path:
      • C:\MyData\my??????.zip
      • C:\MyData\myArchives.z?p
      • .??p

 

Invalid wildcard usage

You might unintentionally exclude lots of files and folders when you use wildcard characters. To reduce the risk that this will occur, exclusions that include wildcard characters are ignored as invalid if they match the following special-case rules:

    • An asterisk (*) or question mark (?) is used instead of a drive letter:
      • \\*\*
      • \\?\data

 

Environment variables

Environment variables may be included in file names or folder paths and will be expanded.

In the following example of a path exclusion, the %ALLUSERSPROFILE% environment variable will be replaced with its current value (for example, C:\ProgramData). The CustomLogFiles folder and all its contents are excluded. This includes subdirectories.

%ALLUSERSPROFILE%\CustomLogFiles

Wildcard usage overview

The following table provides an overview of supported wildcard usage for each exclusion type.

Exclusion type: Extension exclusion
Details: Exclude a file from scanning by specifying its extension. Multiple extensions may be excluded by using wildcard characters.
Examples:

    • .log
    • .lo?
    • .l??
    • .*g

Exclusion type: File exclusion
Details: Exclude a file from scanning by specifying its path. Multiple files may be excluded by using wildcard characters.
Examples:

    • C:\MyData\myphotos.zip
    • C:\MyData\my??????.zip
    • C:\MyData\my*.zip

Exclusion type: Folder exclusion
Details: Exclude all files in a folder and its subfolders by specifying its path. Multiple folders may be excluded by using wildcard characters.
Examples:

    • C:\MyData\archives\Old
    • C:\*\archives\Old
    • C:\*\*\Old
    • C:\My????\*\Old

Exclusion type: Process exclusions
Details: Exclude all files from scanning that are accessed by a defined process. Note: No wildcard characters are permitted.
Examples:

    • C:\Windows\Notepad.exe
    • Notepad.exe
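Every exclusion is a place the scanner stops looking, so requests are worth checking against the rules above before they are added. The following is an added example, not part of the original post or of SCEP: a small Python pre-check that expands environment variables, rejects the two cases the page says are not allowed (a wildcard instead of a drive letter, a wildcard in a process exclusion) and marks every other wildcard entry for manual review. The function names, the verdict labels and the SAMPLE_ENV values are assumptions made for illustration, and the script does not reproduce how SCEP itself matches paths.

```python
import re

# Constructed stand-in for the host environment so the example runs offline;
# on a real endpoint the values come from the machine itself.
SAMPLE_ENV = {"ALLUSERSPROFILE": r"C:\ProgramData"}
WILDCARD = re.compile(r"[*?]")
# '*' or '?' sitting where the drive letter belongs, e.g. \\*\* or \\?\data
WILDCARD_DRIVE = re.compile(r"^\\*[*?]:?(?:\\|$)")
ENV_VAR = re.compile(r"%([^%\\]+)%")


def expand_env(value, env=SAMPLE_ENV):
    """Expand %NAME% tokens; names missing from env are left untouched."""
    return ENV_VAR.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), value)


def review_exclusion(kind, value, env=SAMPLE_ENV):
    """Return (verdict, expanded value, reason); kind is extension/file/folder/process.
    'reject' breaks a rule on the page, 'review' needs a human decision, 'ok' is literal."""
    expanded = expand_env(value, env)
    if ENV_VAR.search(expanded):  # assumption of this example: unknown names go to review
        return ("review", expanded, "environment variable not known to the reviewer")
    wild = bool(WILDCARD.search(expanded))
    if kind == "process":
        if wild:
            return ("reject", expanded, "process exclusions permit no wildcards")
        return ("ok", expanded, "literal process")
    if kind in ("file", "folder") and WILDCARD_DRIVE.match(expanded):
        return ("reject", expanded, "wildcard used instead of a drive letter")
    if wild:
        scope = "folder and all subfolders" if kind == "folder" else kind
        return ("review", expanded, f"wildcard widens the {scope} exclusion")
    return ("ok", expanded, "literal entry")


# Requests built from the page's own example patterns.
REQUESTS = [
    ("folder", r"%ALLUSERSPROFILE%\CustomLogFiles"),
    ("folder", r"C:\*\*\Old"),
    ("folder", r"\\?\data"),
    ("file", r"C:\MyData\my*.zip"),
    ("extension", ".*g"),
    ("process", r"C:\Windows\Note*.exe"),  # constructed wildcard variant of Notepad.exe
]

if __name__ == "__main__":
    for kind, value in REQUESTS:
        print(kind, value, "->", review_exclusion(kind, value))
```

Entries that come back as "review" are the ones where the real breadth of the match should be confirmed on the endpoint before the exclusion goes live.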

 
