On my day to day basis i receive quite a lot of request to add new exclusions on the company Antivirus Solution (System Center Endpoint Protection).
At first i was adding them the old fashion way, eg: C:\Temp\archives\Old but i stumbled upon a list of wildcards available for SCEP and soon started to put it to good use and standardize all my new exceptions added.
The following wildcard characters may be used when you create exclusions:
- The asterisk (*) may be used instead of any number of different characters in a file name or folder path:
- The question mark (?) may be used instaed of any single character in a file name or folder path:
Invalid wildcard usage
You might unintentionally exclude lots of files and folders when you use wildcard characters. To reduce the risk that this will occur, exclusions that include wildcard characters are ignored as invalid if they match the following special-case rules:
- An asterisk (*) or question mark (?) is used instead of a drive letter:
Environment variables may be included in file names or folder paths and will be expanded.
In the following example of a path exclusion, the %ALLUSERSPROFILE% environment variable will be replaced with its current value (for example, C:\ProgramData). The CustomLogFiles folder and all its contents are excluded. This includes subdirectories.
Wildcard usage overview
The following table provides an overview of supported wildcard usage for each exclusion type.
|Extension exclusion||Exclude a file from scanning by specifying its extension. Multiple extensions may be excluded by using wildcard characters.||
|File exclusion||Exclude a file from scanning by specifying its path. Multiple files may be excluded by using wildcard characters.||
|Folder exclusion||Exclude all files in a folder and its subfolders by specifying its path. Multiple folders may be excluded by using wildcard characters.||
Exclude all files from scanning that are accessed by a defined process.
Note No wildcard characters are permitted.