This article provides information on how you can exclude files from scanning by using wildcard characters in the F-Secure antivirus products.
Whenever wildcards are used in an exclusion, you have to type backslash twice: "
\\" (as an escape character). All slashes in the path need to be escaped in this way. The path is not case-sensitive.
For real-time scanning use device names, e.g.
For manual scanning use drive letters only, e.g.
C:\\*\\eicar.com. The device names will not work here. If you use the single character wildcard (?), always start the exclusion with an asterisk, e.g.
Note: When using wildcards, real-time scanning does not see the drive letters (legacy exclusions with drive letters are still supported in real-time scanning if wildcards are not used in the exclusion). To map drive letters to device names, run
fltmc volumesfrom command line as an administrator. The fltmc utility ships with your operating system.
\\Device\\HarddiskVolume1will collide with the network exclusion where server is "Device" and share is "HarddiskVolume1". Hence, start the local exclusion with an asterisk (*).
Some examples of using wildcards to exclude all *.ini files for real-time scanning in the following folder structure:
C:\Documents and Settings\User1\MyApplication\
C:\Documents and Settings\User2\MyApplication\
C:\Documents and Settings\UserNN\MyApplication\
*\\HarddiskVolume1\\documents and settings\\*\\MyApplication\\*.ini
*\\documents and settings\\*\\MyApplication\\*.ini
Working example 1:
When using wildcards, manual scanning does not understand device names, only real-time scanning does.
*\\harddiskvolume1\\documents and settings\\*\\CADS\\*.ini
Manual scanning only:
Working example 2:
To exclude an entire folder:
Note: Everything inside the specified folder will be excluded, including its subfolders.
Working example 3:
To exclude any objects containing the string "eicar" in its name:
You can also use "?" as wildcard for a single character:
Working example 4:
All slashes need to be escaped, and if you use the single character wildcard (?), always start the exclusion with an asterisk.
DeepGuard supports exclusions configured for real-time protection but they need to meet the following criteria:
c:\Program files (x86)\CodeMeter\