Using wildcards in exclusions in real-time scanning

header {margin:52px 0 0 0} #dropdownnavi {float:left; clear:both; margin: -2px 0 20px -12px;} header .row {width:100%} header .row:nth-child(1) {background-color:#0014a0} header .container, footer .container {max-width:1172px; margin: auto;} .top-header {height:53px;} .bottom-header {height:52px;} .Header-logo {width: 10%;float: left;} .Header-logo img {width: 105px; margin: 11px 8px 8px 16px;} .header-top-links {float: right; margin: 1px 29px 0 0;} .header-top-link, .header-bottom-item {cursor: pointer; display: inline-block; font-size: 14px; font-weight: 400; line-height: 52px; margin: 0 15px; position: relative; text-align: center; } .header-top-link, .header-bottom-item a {text-decoration:none;} .header-top-link {color: #fff; margin: 0 10px 0 12px;} .header-top-link.active {margin-right:12px} .header-top-link.active::after {width: calc(100% + 30px)!important} .header-top-link.active::after, .header-top-link:hover::after {background: #fff;} .header-bottom-link {color: #1e1e1e;} .header-bottom-item .header-bottom-link {margin:0 15px} #homeLink {margin-left:1px} .kb-lang-title {width:100%;text-align:center;font-weight:600;color:black; margin:0} .header-right {float: right; margin: 10px 48px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #signin {margin-top:5px} #signin a {text-decoration: none; color:#1e1e1e; } .signin-icon {float: left; height: 20px; padding: 0 5px 20px 0;} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} #profiledropdown:hover {cursor:pointer; background-color:#0014a0} #profilename #profileicon {background: #dfdfdf; border-radius: 25px; width: 28px; height: 28px;} #profile-menu ul {list-style: none; padding-left:0} #profile-menu ul li {padding:10px 0 10px 20px;font-size: 15px;} #profile-menu ul li:hover, #articleslink p:hover, #dashboardlink p:hover {cursor:pointer; background-color:#efefef;} #profile-menu ul li a {text-decoration:none; color:#1e1e1e} #profile-menu hr {border:1px solid #efefef} #articleslink hr, #dashboardlink hr {margin:0} #articleslink .title {padding: 0;text-align: center; font-weight: 600;} #articleslink p, #dashboardlink p {padding:10px 0 10px 20px;} #articleslink p a, #dashboardlink p a {text-decoration: none; color:#1e1e1e;} #articleslink .draftslink:hover, #dashboardlink p:hover {padding: 10px 0 10px 20px;} .header-coveosearch {position: relative; margin-top: -53px;} .header-search {display:inline-block;padding:15px 0 0 0;} .searchboxtoggle {color:white;} .header-searchcontainer {float: right; margin:0 18px 0 0; height:52px} .search-icon {color:white;} .expand {display:inline-block;} .collapse {display:none;} .searchboxtoggle .opensearch-icon, .searchboxtoggle .closesearch-icon {cursor:pointer;height:26px; width:26px; vertical-align: middle; filter:invert(1)} .header-searchbox {height:52px;} #kbsearch {display:block;margin: 0 0 0 auto; height:53px; box-sizing: border-box; border: 1px solid white; font-size: 14px; padding: 14px 0 10px 15px;} header-searchbox.active, #kbsearch:focus {width: 100%; transition: 1s ease-in-out;} .Footer {background:#f6f6f6;color:#555a62;font-size:16px;line-height:1.5;padding:18px 0; border-top:1px solid #c4c4c4} .Footer .footer-logo-wrap .footer-logo {height: auto; max-height: 32px; width: auto; margin-top:20px} .Footer .col {padding:0 0 0 15px;width: 20%; font-size: 13px; display: table-cell; vertical-align: top;} .Footer .footer-links-wrap {padding-bottom: 15px; border-bottom: 1px solid #c4c4c4;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-right:1px solid #c4c4c4} .Footer .col ul {list-style: none;} .Footer .col:nth-child(2) ul {padding: 0;} .Footer .col ul li a {color: #1e1e1e; text-decoration: none;} .footer-link-title {text-transform: uppercase; color: #1e1e1e;} .footer-link-subtitle {font-size:14px; color: #1e1e1e; max-width:95%} .footer-icon {float: left; height: 30px; padding: 0 10px 60px 0;} .col-copyRight a, .social-icons-wrap a {display:inline-block; padding:5px 0; text-decoration: none; color: #1e1e1e; } .social-icons-wrap {float:right} .Footer a:hover, .Footer .col ul li a:hover {color:#0014a0} footer.Footer .row.bottom-row {padding-top:5px} footer.Footer .row.bottom-row .col.col-copyRight * {font-weight:400} social-link:hover {cursor:pointer} social-link:hover svg {fill:#0014a0} #signin .header-bottom-item.header-bottom-link {display:inline-block; margin-top: -16px;} #signin a:hover {color:#0014a0} footer.Footer .row.footer-links-wrap .col.footer-links .footer-link, footer.Footer .row.bottom-row .col.col-copyRight, footer.Footer .row.bottom-row .col.col-copyRight * {color: #9e9e9e;} footer a:hover {color:#0014a0!important} @media screen and (max-width:991px){ header {margin:0} header .row:nth-child(1) {height:64px} .Header-logo img {margin: 17px 8px 8px 16px;} .Hamburger-border {position: absolute; right: 60px; border-left: 1px solid #fff; height: 64px; width: 50px; top: 0; z-index: 20; border-right: 1px solid white; padding-right: 10px;} .Hamburger {display:block;position: absolute; top: 8px; left: calc(100% - 52px); z-index: 20;-webkit-box-align: center; -webkit-box-pack: center;-webkit-user-select: none; align-items: center; background: transparent; border: none; border-radius: 0;cursor: pointer;justify-content: center; outline: none;transition: .35s;} .Hamburger-menuXcross {height: 25px; padding: 0; width: 26px;} .Hamburger-menuLines {-o-transition: .35s;-webkit-transition: .35s; background-color: #fff; border-radius: 2px; display: inline-block; height: 2px; position: relative; transition: .35s; width: 26px;} .Hamburger-menuLines::before {top: 6px; } .Hamburger-menuLines::after {top: -6px;} .Hamburger-menuLines::after, .Hamburger-menuLines::before {-ms-transform-origin: 5.5px center;-o-transition: .35s;-webkit-transform-origin: 5.5px center;-webkit-transition: .35s;background-color: #fff;border-radius: 2px; content: ""; display: inline-block; height: 2px;left: 0;position: absolute;transform-origin: 5.5px center;transition: .35s;width: 26px;} .sr-only {position: absolute !important;width: 1px !important;height: 1px !important;padding: 0 !important;margin: -1px !important;overflow: hidden !important;clip: rect(0,0,0,0) !important;border: 0 !important;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-webkit-transform: rotate(45deg); transform: rotate(45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after {-webkit-transform: rotate(-45deg);transform: rotate(-45deg);} .Hamburger-menuXcross.isToggled .Hamburger-menuLines::after, .Hamburger-menuXcross.isToggled .Hamburger-menuLines::before {-ms-transform-origin: 50% 50%;-webkit-transform-origin: 50% 50%;background-color: hsla(0,0%,100%,.6); left: 0;top: 0;transform-origin: 50% 50%;width: 26px;} .Hamburger-menuXcross.isToggled .Hamburger-menuLines {background: transparent;} .isToggled .Hamburger-menuLines {-webkit-transform: scaleX(1);transform: scaleX(1);} #signin {text-align:center; margin: auto; color:white} #signin a {text-decoration: none; color:white;} div#loginLink, div#registerLink{border-bottom:none} .header-top-links, .bottom-header {display: none} .header-coveosearch {margin-top:0} .header-searchcontainer {color: white; text-align: right; margin: 8px 18px 0 0;} .header-search { padding: 11px 0 0 0; width: 60px; margin: auto; display: block; position: absolute; right: 17px; top: 8px;} .searchboxtoggle {color:white} .header-searchbox {position: absolute; right: 60px; top: 0; width: 300px;} #kbsearch {height:66px} .banner-middleContainer_f1l0wf96 {box-shadow: inset 0 10px 10px -10px #000;} #homeLink, #helpForumsLink, #FaqsLink, #userguidesLink, #supportLink, .header-right {width:100%; text-align: left; margin: 0; } #userguidesLink, #supportLink {border-top: 1px solid #dfdfdf;} #helpForumsLink, #FaqsLink {margin: 0 0 10px 25px;} .top-header-link {text-transform: uppercase; font-weight:700; color:#1e1e1e; font-size:14px; padding:15px 15px; line-height: 2em;} #dropdownnavi .top-header-link {margin: 3px 0 0 10px;} .header-bottom-link::after {background:none;} .header-bottom-item .header-bottom-link {margin:0 10px} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding:0 0 0 40px} .kb-lang-title {text-align:left;} #menu-dropdown {margin-top: -20px;} #kb-menu-dropdown .depth-2-list.open {padding-left:30px} .depth-1-list a, .depth-2-list a, .depth-3-list a {color:#1e1e1e} .smdropdown-alt {line-height: 0; margin:0 padding: 0 0 10px 0;} .smdropdown-link {color:#acacac!important; font-style: italic;} .depth-1-list, .depth-2-list, .depth-3-list {display: none; margin: -20px 0 20px 0; padding: 0 0 0 15px;} .header-right {float: right;padding: 8px 0; height: 30px; border-radius: 0; box-shadow: 0 3px 5px #1e1e1e; background:#0014a0; text-align: right;} #profiledropdown {width: 30px; float: right; margin-right: 40px} #profiledropdown:hover {background: none} #profiledropdown:hover #profile-menu {display: none} #profileicon {margin-top:2px} #profile-menu {display: none; position: absolute; left: 5%; background: white; width: 90%; text-align: left; z-index: 400; border: 1px solid #dfdfdf; border-radius: 3px; box-shadow: 0 5px 5px #dedede;} .open {display: block;} .Footer .col {display: block; width:90%; padding: 0 20px 15px 20px} .Footer .col.col-copyRight, .Footer .col.col-social {width:90%} footer .container {width:95%} .col.footer-logo-wrap {text-align: center;} .col-copyRight a, .social-icons-wrap a {padding: 10px 0 0 0;} .Footer .footer-links-wrap .col:nth-child(2), .Footer .footer-links-wrap .col:nth-child(3), .Footer .footer-links-wrap .col:nth-child(4) {border-bottom:1px solid #c4c4c4; border-right:none} a.dropdown-1-title, a.dropdown-2-title, a.dropdown-3-title {color: #8a8a8a; font-style: italic;} .signin-icon {display: none;} #signin .header-bottom-item.header-bottom-link {margin-top: -10px;} } @media screen and (min-width:992px){ .Hamburger, .dropdownnavi .top-header-link, #userguidesLink, #supportLink, .smdropdown-alt {display: none;} .bottom-header {display: block;} .header-top-link::after {background: #fff;} header .row:nth-child(2) {background-color:white; box-shadow: 0 3px 5px rgba(0,0,0,0.1);} .depth-1-list, .depth-2-list, .depth-3-list {list-style: none; margin: 0; padding-left: 0; box-shadow: 0 4px 4px rgba(0,0,0,.1);} .depth-1-item, .depth-2-item, .depth-3-item {padding-left:15px; border-bottom:1px solid #dfdfdf; position: relative;} .depth-1-item a, .depth-2-item a, .depth-3-item a {color: #1e1e1e;} .header-bottom-link::after {background: #0014a0;} .header-top-link.active::after, .header-top-link:hover::after, .header-bottom-link.active::after, .header-bottom-link:hover::after {bottom: 0; content: ""; display: block; height: 5px; left: -15px; margin: auto; position: absolute; width: calc(100% + 35px);} .header-bottom-link.smdropdown:hover, .header-bottom-link.smdropdown.active {color:#0014a0} .header-searchbox {position:absolute;top:0;right:60px; margin:0; z-index: 200; } .header-searchbox.active {width:500px;transition: 1s ease-in-out;} #kbsearch {width:350px;} #menu-dropdown, #kb-menu-dropdown {position: absolute; z-index: 100; background: white; text-align: left; margin: 1px 0 0 -15px;} #menu-dropdown, #kb-menu-dropdown .depth-1-list {width:280px} #kb-menu-dropdown .depth-2-list {width:350px!important} #profile-menu {position: absolute; z-index: 100; background: white; width: 350px; text-align: left; width:260px; margin: 0 0 0 -230px; border: 1px solid #c4c4c4; border-radius: 5px; box-shadow: 0 4px 4px rgba(0,0,0,.1);} #menu-dropdown, #menu-dropdown .depth-2-list, #menu-dropdown .depth-3-list, #kb-menu-dropdown, #kb-menu-dropdown .depth-2-list, #profile-menu {display:none;} #helpForumsLink:hover #menu-dropdown, #FaqsLink:hover #kb-menu-dropdown, #profiledropdown:hover #profile-menu {display: block;} #menu-dropdown .depth-1-item:hover .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list, #kb-menu-dropdown .depth-1-item:hover .depth-2-list { display: block; left: calc(100%); background: #fff; border: 1px solid #c4c4c4; position: absolute; top: 0; width: 100%;} #kb-menu-dropdown .depth-1-url {margin:0} #menu-dropdown .depth-1-item:nth-child(3) .depth-2-list, #menu-dropdown .depth-2-item:hover .depth-3-list {top:-1px} .depth-1-item:hover, .depth-2-item:hover, .depth-3-item:hover {pointer:cursor;background-color:#f8f8f8} #helpForumsLink .depth-1-item:hover .depth-1-url, .depth-2-item:hover .depth-2-url, .depth-3-item:hover .depth-3-url, #kb-menu-dropdown .depth-2-item:hover .depth-3-url {color:#0014a0} #FaqsLink .depth-1-item:hover, #FaqsLink .depth-1-item:hover .depth-1-url {cursor:default} .header-right {float: right; margin: 8px 15px 0 0; padding: 3px; height: 30px; border-radius: 3px;} #profiledropdown {padding: 2px; border-radius: 3px; margin-top: -3px;} #dropdownnavi {margin: -1px 0 0 -13px;} #dropdownnavi .top-header-link, .dropdown-1-title, .dropdown-2-title, .dropdown-3-title {display:none} .header-bottom-link.smdropdown {line-height:53px} #signin {display:flex; margin: 1px -12px 0 0} #signin .header-bottom-item.header-bottom-link {margin-top:-14px; height:54px} #signin span {margin-top: 3px;} .signin-icon {padding: 4px 0 20px 0;} .header-bottom-link.smdropdown:before {content:url("data:image/svg+xml;utf8,<svg version='1.1' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' width='26px' height='18px' xml:space='preserve'><g><path fill='none' stroke='%23010101' stroke-width='2' stroke-linecap='round' stroke-linejoin='round' stroke-miterlimit='10' d='M13.014,14'/></g><g><path fill='%23010101' d='M13,16c-0.256,0-0.512-0.098-0.707-0.293l-3-3c-0.391-0.391-0.391-1.023,0-1.414s1.023-0.391,1.414,0L13,13.586l2.293-2.293c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414l-3,3C13.512,15.902,13.256,16,13,16z'/> </g> </svg>")!important;float: right;} #helpForumsLink:hover .header-bottom-link.smdropdown::before, #FaqsLink:hover .header-bottom-link.smdropdown::before, .header-bottom-link.smdropdown:hover::before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M16,16c-0.256,0-0.512-0.098-0.707-0.293L13,13.414l-2.293,2.293c-0.391,0.391-1.023,0.391-1.414,0s-0.391-1.023,0-1.414l3-3c0.391-0.391,1.023-0.391,1.414,0l3,3c0.391,0.391,0.391,1.023,0,1.414C16.512,15.902,16.256,16,16,16z'/></svg>")!important;} .depth-1-item:before, #helpForumsLink .depth-2-item:before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M12,17c-0.256,0-0.512-0.098-0.707-0.293c-0.391-0.391-0.391-1.023,0-1.414L13.586,13l-2.293-2.293c-0.391-0.391-0.391-1.023,0-1.414s1.023-0.391,1.414,0l3,3c0.391,0.391,0.391,1.023,0,1.414l-3,3C12.512,16.902,12.256,17,12,17z'/></svg>");float:right;} .depth-1-item:hover::before, #helpForumsLink .depth-2-item:hover::before {content:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' width='26px' height='18px' fill='%23010101'><path d='M14,17c-0.256,0-0.512-0.098-0.707-0.293l-3-3c-0.391-0.391-0.391-1.023,0-1.414l3-3c0.391-0.391,1.023-0.391,1.414,0s0.391,1.023,0,1.414L12.414,13l2.293,2.293c0.391,0.391,0.391,1.023,0,1.414C14.512,16.902,14.256,17,14,17z'/></svg>")!important;} }

Using wildcards in exclusions in real-time scanning - F-Secure Community

This article provides information on how to exclude files from real-time scanning in F-Secure Anti-virus products using wildcard characters.

About syntax in wildcards

The syntax used in exclusions differs between F-Secure products depending on whether the product is an older or newer version.

Older product versions: Server Security 12.x, Email and Server Security 12.x, and Client Security 12.x, and their premium versions.
Newer product versions: Client Security 13.x, Client Security 14.x, and their premium versions.

What to remember:

In older product versions, use double backslashes: "\\" (used as an escape character). All slashes in the path need to be typed out twice in this way. The path is not case-sensitive.
Note: The older format with double backslashes works in both older and newer product versions. The newer format with single backslashes only works in newer product versions, however.
In older product versions, use device names, as follows:
- *\\HarddiskVolume1\\*\\eicar.com
In older product versions, real-time scanning does not see drive letters. Exclusions with drive letters are still supported in older product versions provided that wildcards are not used in the exclusion.

Tip: To understand how the device name actually maps to a drive letter, you can use the fltmc utility. To do this, run fltmc volumes from the command line as an administrator.
In newer product versions, use drive letters, as follows:
- C:\*\eicar.com
Note: If you use \Device\HarddiskVolume1 (newer product versions) and \\Device\\HarddiskVolume1 (older product versions), this conflicts with network exclusions where the server is "Device" and share is "HarddiskVolume1". Therefore, start the local exclusion with an asterisk (*).
If you use a single character wildcard ?, always start the exclusion with an asterisk; for example:
- *\\eica?.com (older product versions)
- *\eica?.com (newer product versions)

Scenarios for real-time scanning

In the following examples, we use wildcards to exclude all *.ini files from real-time scanning in the following folder structure:

C:\Documents and Settings\User1\MyApplication\
C:\Documents and Settings\User2\MyApplication\
C:\Documents and Settings\UserNN\MyApplication\

Using wildcards, these folder structures appear as follows:

In older product versions

Option A: *\\HarddiskVolume1\\documents and settings\\*\\MyApplication\\*.ini
Option B:*\\documents and settings\\*\\MyApplication\\*.ini

The two options, A and B, highlight that exclusions can also be configured using the device name when the volume name is included (HarddiskVolume1). The volume name can differ between machines, so option B is preferred.

In newer product versions

C:\documents and settings\*\MyApplication\*.ini

Excluding a folder

Exclude an entire folder using wildcards as follows:

*\\MyFolder\\* (older product versions)
*\MyFolder\* (newer product versions)

Note: Everything inside the specified folder is excluded, including its subfolders.

Excluding objects

Exclude objects using wildcards that contain the string eicar in its name as follows:

*eicar*

You can also use ? as a wildcard for a single character as follows:

*eic??.com

This works with both older and newer product versions.