Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
Using wildcards in exclusions in real-time scanning - F-Secure Community
<main> <article class="userContent"> <p> </p>Using wildcards in exclusions in real-time scanning <p>This article provides information on how to exclude files from <strong>real-time</strong> scanning in F-Secure Anti-virus products using wildcard characters. </p> <h3 data-id="about-syntax-in-wildcards">About syntax in wildcards</h3> <div>The syntax used in exclusions differs between F-Secure products depending on whether the product is an older or newer version. <ul><li>Older product versions: Server Security 12.x, Email and Server Security 12.x, and Client Security 12.x, and their premium versions. </li> <li>Newer product versions: Client Security 13.x, Client Security 14.x, and their premium versions. </li> </ul></div> <p>What to remember: </p> <div> <ul><li>In older product versions, use double backslashes: "<code class="code codeInline" spellcheck="false" tabindex="0">\\</code>" (used as an escape character). All slashes in the path need to be typed out twice in this way. The path is not case-sensitive. <br><strong>Note:</strong> The older format with double backslashes works in both older and newer product versions. The newer format with single backslashes only works in newer product versions, however. </li> <li>In older product versions, use device names, as follows: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">*\\HarddiskVolume1\\*\\eicar.com</code> </li> </ul><p>In older product versions, real-time scanning does not see drive letters. Exclusions with drive letters are still supported in older product versions provided that wildcards are not used in the exclusion. </p> <p><strong>Tip:</strong> To understand how the device name actually maps to a drive letter, you can use the <strong>fltmc</strong> utility. To do this, run <code class="code codeInline" spellcheck="false" tabindex="0">fltmc volumes</code> from the command line as an administrator. </p> </li> <li>In newer product versions, use drive letters, as follows: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">C:\*\eicar.com</code> </li> </ul><strong>Note:</strong> If you use <code class="code codeInline" spellcheck="false" tabindex="0">\Device\HarddiskVolume1</code> (newer product versions) and <code class="code codeInline" spellcheck="false" tabindex="0">\\Device\\HarddiskVolume1</code> (older product versions), this conflicts with network exclusions where the server is "Device" and share is "HarddiskVolume1". Therefore, start the local exclusion with an asterisk (<code class="code codeInline" spellcheck="false" tabindex="0">*</code>). </li> <li>If you use a single character wildcard <code class="code codeInline" spellcheck="false" tabindex="0">?</code>, always start the exclusion with an asterisk; for example: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">*\\eica?.com</code> (older product versions) </li> <li><code class="code codeInline" spellcheck="false" tabindex="0">*\eica?.com</code> (newer product versions) </li> </ul></li> </ul></div> <div><h3 data-id="scenarios-for-real-time-scanning">Scenarios for real-time scanning </h3> <div>In the following examples, we use wildcards to exclude all <code class="code codeInline" spellcheck="false" tabindex="0">*.ini</code> files from real-time scanning in the following folder structure: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">C:\Documents and Settings\User1\MyApplication\</code> </li> <li><code class="code codeInline" spellcheck="false" tabindex="0">C:\Documents and Settings\User2\MyApplication\</code> </li> <li><code class="code codeInline" spellcheck="false" tabindex="0">C:\Documents and Settings\UserNN\MyApplication\</code> </li> </ul></div> <p>Using wildcards, these folder structures appear as follows: </p> <div><u>In older product versions</u> <ul><li>Option A: <code class="code codeInline" spellcheck="false" tabindex="0">*\\HarddiskVolume1\\documents and settings\\*\\MyApplication\\*.ini</code> </li> <li>Option B:<code class="code codeInline" spellcheck="false" tabindex="0">*\\documents and settings\\*\\MyApplication\\*.ini</code> </li> </ul></div> <p>The two options, A and B, highlight that exclusions can also be configured using the device name when the volume name is included (<code class="code codeInline" spellcheck="false" tabindex="0">HarddiskVolume1</code>). The volume name can differ between machines, so option B is preferred. </p> <div><u>In newer product versions</u> <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">C:\documents and settings\*\MyApplication\*.ini</code> </li> </ul></div> </div> <div><h3 data-id="excluding-a-folder">Excluding a folder </h3> <div>Exclude an entire folder using wildcards as follows: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">*\\MyFolder\\*</code> (older product versions) </li> <li><code class="code codeInline" spellcheck="false" tabindex="0">*\MyFolder\*</code> (newer product versions) </li> </ul></div> <p><strong>Note:</strong> Everything inside the specified folder is excluded, including its subfolders. </p> </div> <h3 data-id="excluding-objects">Excluding objects</h3> <div>Exclude objects using wildcards that contain the string <code class="code codeInline" spellcheck="false" tabindex="0">eicar</code> in its name as follows: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">*eicar*</code> </li> </ul></div> <div>You can also use <code class="code codeInline" spellcheck="false" tabindex="0">?</code> as a wildcard for a single character as follows: <ul><li><code class="code codeInline" spellcheck="false" tabindex="0">*eic??.com</code> </li> </ul></div> <p>This works with both older and newer product versions. </p> <div id="related"> <strong>Related information</strong> <ul><li><a rel="nofollow" href="https://community.f-secure.com/business-suite-en/kb/articles/5622"> How to exclude files or folders from Real-Time scanning in Policy Manager </a></li></ul></div> <br> </article> </main>