Supported usage of wildcard characters with exclusions

Summary

This document outlines the supported usage of wildcard characters with exclusions. This document applies to all supported versions of the following products: 
  • Microsoft Forefront Client Security (FCS)
  • Microsoft Forefront Endpoint Protection (FEP) 2010
  • Microsoft System Center 2012 Endpoint Protection (SCEP 2012)
  • Microsoft System Center 2012 R2 Endpoint Protection (SCEP 2012 R2)
  • Microsoft Antimalware for Azure

Note: Exclusions lower the security settings. We recommend that you evaluate the risks that are associated with implementing exclusions. We recommend that you avoid setting exclusions unless those exclusions are officially documented by the vendor of the product for which you implement the exclusions.

Using wildcard characters may have unexpected results, and folders or files may be unintentionally excluded. Therefore, make sure that you review and test exclusions before you implement them in production. 

Wildcard characters

The following wildcard characters may be used when you create exclusions:
  • The asterisk (*) may be used instead of any number of different characters in a file name or folder path: 
    • C:\MyData\my*.zip
    • C:\somepath\*\Data
    • .t*t
  • The question mark (?) may be used instead of any single character in a file name or folder path:
    • C:\MyData\my??????.zip
    • C:\MyData\myArchives.z?p
    • .??p

Invalid wildcard usage

You might unintentionally exclude lots of files and folders when you use wildcard characters. To reduce the risk that this will occur, exclusions that include wildcard characters are ignored as invalid if they match the following special-case rules:

  • An asterisk (*) or question mark (?) is used instead of a drive letter:
    • \\*\*
    • \\?\data

Environment variables

Environment variables may be included in file names or folder paths and will be expanded.

In the following example of a path exclusion, the %ALLUSERSPROFILE% environment variable will be replaced with its current value (for example, C:\ProgramData). The CustomLogFiles folder and all its contents are excluded. This includes subdirectories.

%ALLUSERSPROFILE%\CustomLogFiles

Wildcard usage overview

The following table provides an overview of supported wildcard usage for each exclusion type.

| Exclusion type | Details | Examples |
|---|---|---|
| Extension exclusion | Exclude a file from scanning by specifying its extension. Multiple extensions may be excluded by using wildcard characters. | .log, .lo?, .l??, .*g |
| File exclusion | Exclude a file from scanning by specifying its path. Multiple files may be excluded by using wildcard characters. | C:\MyData\myphotos.zip, C:\MyData\my??????.zip, C:\MyData\my*.zip |
| Folder exclusion | Exclude all files in a folder and its subfolders by specifying its path. Multiple folders may be excluded by using wildcard characters. | C:\MyData\archives\Old, C:\*\archives\Old, C:\*\*\Old, C:\My????\*\Old |
| Process exclusions | Exclude all files from scanning that are accessed by a defined process. Note: No wildcard characters are permitted. | C:\Windows\Notepad.exe, Notepad.exe |
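
One way to review exclusions before deployment, as an added Python example that is not Microsoft's code and not the product's matching engine: it flags the invalid cases this article lists and previews which paths a file or folder exclusion would cover. The function names and sample paths are constructed, and the matching rules (a wildcard stays within one path component, case is ignored) are assumptions.

```python
import re

# Constructed sample inventory; swap in a real file listing when reviewing a policy.
SAMPLE_PATHS = [
    r"C:\MyData\archives\Old\2013\a.zip",
    r"C:\Users\archives\Old\b.zip",
    r"C:\MyData\archives\New\c.zip",
    r"C:\MyData\myphotos.zip",
    r"C:\MyData\my.zip",
]

def validate(kind, pattern):
    """Return problems found using only the rules stated in the article."""
    problems = []
    if kind == "process" and re.search(r"[*?]", pattern):
        problems.append("process exclusions permit no wildcard characters")
    # Article's invalid cases (\\*\* and \\?\data): wildcard where a drive letter belongs.
    if kind in ("file", "folder") and re.match(r"^\\*[*?](?=[:\\]|$)", pattern):
        problems.append("wildcard used instead of a drive letter; exclusion is ignored")
    return problems

def expand(pattern, env):
    """Expand %NAME% variables from a supplied mapping; unknown names are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), pattern)

def to_regex(kind, pattern):
    # Assumption: '*' and '?' stay inside one path component; matching ignores case.
    parts = {"*": r"[^\\]*", "?": r"[^\\]"}
    body = "".join(parts.get(ch, re.escape(ch)) for ch in pattern)
    if kind == "folder":
        body += r"(\\.*)?"  # article: a folder exclusion covers its files and subfolders
    return re.compile(body, re.IGNORECASE)

def preview(kind, pattern, paths, env=None):
    """List the paths an exclusion would cover; an invalid exclusion covers nothing."""
    if validate(kind, pattern):
        return []
    rx = to_regex(kind, expand(pattern, env or {}))
    return [p for p in paths if rx.fullmatch(p)]

if __name__ == "__main__":
    for kind, pat in [("folder", r"C:\*\archives\Old"), ("file", r"C:\MyData\my*.zip"),
                      ("folder", r"\\*\*"), ("process", r"C:\Windows\Note*.exe")]:
        print(kind, pat, validate(kind, pat) or preview(kind, pat, SAMPLE_PATHS))
```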




Properties

Article ID: 2962341 - Last Review: 2 Jun 2014 - Revision: 1
