Using wildcards in exclusions in real-time scanning

This article provides information on how to exclude files from real-time scanning in F-Secure Anti-virus products using wildcard characters.
About syntax in wildcards
- Older product versions: Server Security 12.x, Email and Server Security 12.x, and Client Security 12.x, and their premium versions.
- Newer product versions: Client Security 13.x, Client Security 14.x, and their premium versions.
What to remember:
- In older product versions, use double backslashes: "
\\
" (used as an escape character). All slashes in the path need to be typed out twice in this way. The path is not case-sensitive.
Note: The older format with double backslashes works in both older and newer product versions. The newer format with single backslashes only works in newer product versions, however. - In older product versions, use device names, as follows:
-
*\\HarddiskVolume1\\*\\eicar.com
In older product versions, real-time scanning does not see drive letters. Exclusions with drive letters are still supported in older product versions provided that wildcards are not used in the exclusion.
Tip: To understand how the device name actually maps to a drive letter, you can use the fltmc utility. To do this, run
fltmc volumes
from the command line as an administrator. -
- In newer product versions, use drive letters, as follows:
-
C:\*\eicar.com
Note: If you use\Device\HarddiskVolume1
(newer product versions) and\\Device\\HarddiskVolume1
(older product versions), this conflicts with network exclusions where the server is "Device" and share is "HarddiskVolume1". Therefore, start the local exclusion with an asterisk (*
). -
- If you use a single character wildcard
?
, always start the exclusion with an asterisk; for example:-
*\\eica?.com
(older product versions) -
*\eica?.com
(newer product versions)
-
Scenarios for real-time scanning
*.ini
files from real-time scanning in the following folder structure: -
C:\Documents and Settings\User1\MyApplication\
-
C:\Documents and Settings\User2\MyApplication\
-
C:\Documents and Settings\UserNN\MyApplication\
Using wildcards, these folder structures appear as follows:
- Option A:
*\\HarddiskVolume1\\documents and settings\\*\\MyApplication\\*.ini
- Option B:
*\\documents and settings\\*\\MyApplication\\*.ini
The two options, A and B, highlight that exclusions can also be configured using the device name when the volume name is included (HarddiskVolume1
). The volume name can differ between machines, so option B is preferred.
-
C:\documents and settings\*\MyApplication\*.ini
Excluding a folder
-
*\\MyFolder\\*
(older product versions) -
*\MyFolder\*
(newer product versions)
Note: Everything inside the specified folder is excluded, including its subfolders.
Excluding objects
eicar
in its name as follows: -
*eicar*
?
as a wildcard for a single character as follows: -
*eic??.com
This works with both older and newer product versions.