Exclusion of directories using wildcards

J-C
Supporter

Exclusion of directories using wildcards

Hi,

 

I have read this document but unfortunately I still don't understand how to do this.

Would like to exclude the below directories and drive letter but how to type this in PMC 9? Using CS 9 for server.

 

%windir%\Cluster

 

drive letter Q:

 

%Program Files%\Microsoft SQL Server\MSSQL\Data + Log + Backup

 

 

Could someone please explain this/show this to me in more detail?

If possible, I would like to exclude these regardless of their location, i.e. both C: and D:


Thanks in advance!

 

Regards,
JC

1 ACCEPTED SOLUTION

F-Secure Product Expert

Re: Exclusion of directories using wildcards

Hi J-C,

 

This would be really easy if we had support for environment variables in exclusions, but this is unfortunately not yet available.

 

%windir%\Cluster

 

%windir% always points to the Windows directory and the default setting is (excluding NT 4 and Windows 2000) always C:\Windows. Proceeding with the assumption that the folder name is always Windows, the following exclusion would exclude all files existing in the <drive-letter>:\Windows\Cluster folders, on all local hard drives.

 

*\\HarddiskVolume*\\Windows\\Cluster

 

Use “fltmc volumes” to find out how drive letters map to device names (device name needs to be used here, since the exclusion uses wildcards).

 

drive letter Q:

 

Simply “Q:\” (without the quotes) should do the trick here. Legacy drive letters can be used here, as we're not using wildcards at the same time.

 

%Program Files%\Microsoft SQL Server\MSSQL\Data + Log + Backup

 

As the MSSQL folder contains other folders besides the ones listed above, no easy solution here: three separate exclusions for each of the folders (Data, Log, Backup) are needed but the exclusion below at least makes the exclusion independent of the location %Program Files% (drive):

 

*\\HarddiskVolume*\\Program Files\\Microsoft SQL Server\\MSSQL\\Data

*\\HarddiskVolume*\\Program Files\\Microsoft SQL Server\\MSSQL\\Log

*\\HarddiskVolume*\\Program Files\\Microsoft SQL Server\\MSSQL\\Backup

 

Note, all inclusions should be entered using either PMC or the local UI. Also, exclusions are not case-sensitive....

 

Best Regards,
Peter
J-C
Supporter

Re: Exclusion of directories using wildcards

Hi,

 

Thank you very much, for helping me out!  Two more questions pls, just to confirm that I understand. :)

 

I administrate F-Secure on PCs that use different languages and I want to exclude one application from RTS.

This could be located in 3 different places on any local drive.

 

Let's say the application, on a PC using English OS, is installed in C:\Program files\Folder.

 

On a Swedish PC, "Program files" is called "Program". On a Norwegian one, it's called "Programfiler".

 

Question 1:

To exclude this whole folder regardless of its location, I can use the below string?

 

*\\HarddiskVolume*\\Program*\\Folder

 

Question 2: 

I have "inherited" the F-secure environment from another person. In the "Excluded objects table" under some domains I see the below string:

 

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\Folder\     ( Using Folder as an example again)

 

If I understand the document linked to in my first post, this works but if using wildcards one must replace device with asterisk and use backslash twice between every "name"?

Instead of typing this way, one might as well use C:\Program files\Folder, same thing?

 

 

 

Best regards,

JC

F-Secure Product Expert

Re: Exclusion of directories using wildcards

 

Hi J-C,

 

Apologies for the delay!

 

Question 1:

To exclude this whole folder regardless of its location, I can use the below string?

 *\\HarddiskVolume*\\Program*\\Folder


Yes, this will work as "Program*" matches with \Program\, \Program files\ and lastly \Programfiler\.

Question 2: 

I have "inherited" the F-secure environment from another person. In the "Excluded objects table" under some domains I see the below string:

 

\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\Folder\     ( Using Folder as an example again)

 

If I understand the document linked to in my first post, this works but if using wildcards one must replace device with asterisk and use backslash twice between every "name"?

 

Instead of typing this way, one might as well use C:\Program files\Folder, same thing?

 

Indeed, the exclusion highlighted above works but could also be replaced with "C:\Program files\Folder". 


Best Regards,
Peter
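
Added example (not part of the thread and not F-Secure code): a small audit helper that lists which paths a wildcard exclusion such as the one confirmed above would leave unscanned. It assumes `*` matches any run of characters, a doubled backslash stands for one literal backslash, and an excluded folder covers everything beneath it; the volume map, the sample paths and the function names are constructed for illustration.

```python
import re

# Constructed drive-letter -> device-name map, the kind of data `fltmc volumes` lists.
VOLUMES = {"C:": r"\Device\HarddiskVolume1", "D:": r"\Device\HarddiskVolume2"}

def to_device_path(path):
    """Replace the leading drive letter with its device name from VOLUMES."""
    return VOLUMES[path[:2].upper()] + path[2:]

def compile_exclusion(pattern):
    """Translate a wildcard exclusion into a regex (assumed semantics)."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("\\\\", i):      # doubled backslash: one literal backslash
            parts.append(re.escape("\\"))
            i += 2
        elif pattern[i] == "*":                # assumed: any run of characters
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    # Assumed: the folder and everything beneath it; the thread says matching
    # is not case-sensitive.
    return re.compile("".join(parts) + r"(\\.*)?", re.IGNORECASE)

def audit(pattern, paths):
    """Return the paths that the exclusion would leave unscanned."""
    rx = compile_exclusion(pattern)
    return [p for p in paths if rx.fullmatch(to_device_path(p))]

PATTERN = r"*\\HarddiskVolume*\\Program*\\Folder"   # pattern from the thread
SAMPLE_PATHS = [                                     # constructed test paths
    r"C:\Program Files\Folder\app.exe",
    r"D:\Program\Folder\app.exe",
    r"C:\Programfiler\Folder\data.bin",
    r"C:\ProgramData\Folder\tool.dll",    # also begins with "Program"
    r"C:\Program Files\FolderX\app.exe",
    r"C:\Users\Public\Folder\app.exe",
]

if __name__ == "__main__":
    for p in audit(PATTERN, SAMPLE_PATHS):
        print("excluded:", p)
```

On the constructed paths the first four are reported, including the one under `C:\ProgramData`, so running a planned wildcard against a file listing from a representative host shows how wide the resulting scan gap is before the exclusion is deployed.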
J-C
Supporter

Re: Exclusion of directories using wildcards

Hi Peter,

 

No problem at all, I'm just glad that you could find the time to help me.

 

Thank you very much!

 

Regards,
JC

Aspirant

Re: Exclusion of directories using wildcards

Hi

On my Linux system I would like to exclude /var/spool and all subfolders from scanning.

I've tried the syntax:  /var/spool//*

but a test with EICAR showed me that the folder was still scanned.

 

What's the right syntax here?

 

Best regards

Helga

Superuser

Re: Exclusion of directories using wildcards

Hello,

 

Why is it not possible to use SHA-1 checksums for exclusions in real-time FSAV protection, instead of directory and file paths? Only the DeepGuard module accepts SHA-1 entries currently.

 

Thanks in advance, Sincerely: Tamas Feher, Hungary.