To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Exclusion of directories using wildcards

J-C
J-C Posts: 44 Security Scout
in Business Suite

Hi,

 

I have read this document but unfortunately I still don´t understand how to do this..

Would like to exclude the below directories and drive letter but how to type this in PMC 9? Using CS 9 for server.

 

%windir%\Cluster

 

drive letter Q:

 

%Program Files%\Microsoft SQL Server\MSSQL\Data + Log + Backup

 

 

Could someone please explain this/show this to me in more detail?

If possible, I would like to exclude these regardless of their location, i.e both C: and D:


Thanks in advance!

 

Regards,
JC

Comments

  • J-C
    J-C Posts: 44 Security Scout

    Hi,

     

    Thank you very much, for helping me out!  Two more questions pls, just to confirm that I understand. :)

     

    I administrate F-secure on PC's that use different languages and I want to exclude one application from RTS.

    This could be located in 3 different places on any local drive.

     

    Let´s say the application, on a PC using English OS, is installed in C:\Program files\Folder.

     

    On a Swedish PC, "Program files" is called "Program". On a Norwegian one, it´s called "Programfiler".

     

    Question 1:

    To exclude this whole folder regardless of it´s location, I can use the below string?

     

    *\\HarddiskVolume*\\Program*\\Folder

     

    Question 2: 

    I have "inherited" the F-secure environment from another person. In the "Excluded objects table" under some domains I see the below string:

     

    \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\Folder\     ( Using Folder as an example again)

     

    If I understand the document linked to in my first post, this works but if using wildcards one must replace device with asterisk and use backslash twice between every "name"?

    Instead of typing this way, one might as well use C:\Program files\Folder, same thing?

     

     

     

    Best regards,

    JC

  • Peter
    Peter Posts: 127 Threat Terminator

     

    Hi J-C,

     

    Apologies for the delay!

     

    Question 1:

    To exclude this whole folder regardless of it´s location, I can use the below string?

     *\\HarddiskVolume*\\Program*\\Folder


    Yes, this will work as "Program*" matches with \Program\, \Program files\ and lastly \Programfiler\.

    Question 2: 

    I have "inherited" the F-secure environment from another person. In the "Excluded objects table" under some domains I see the below string:

     

    \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\Folder\     ( Using Folder as an example again)

     

    If I understand the document linked to in my first post, this works but if using wildcards one must replace device with asterisk and use backslash twice between every "name"?

     

    Instead of typing this way, one might as well use C:\Program files\Folder, same thing?

     

    Indeed, the exclusion highlighted above works but could also be replaced with "C:\Program files\Folder". 


  • J-C
    J-C Posts: 44 Security Scout

    Hi Peter,

     

    No problem at all, I´m just glad that you could find the time to help me.

     

    Thank you very much!

     

    Regards,
    JC

  • TanteEmma
    TanteEmma Posts: 2 Security Scout

    Hi

    at my linux system i like to exclude the /var/spool and all subfolders from scanning.

    I've tryed the syntax:  /var/spool//*

    but a test with eicar show me that the folder was still sanned.

     

    Whats the right syntax here?

     

    Best regards

    Helga

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    Why is it not possible to use SHA-1 checksums for exclusions in real-time FSAV protection, instead of directory and file paths. Only the DeepGuard module accepts SHA-1 entries currently.

     

    Thanks in advance, Sincerely: Tamas Feher, Hungary.

This discussion has been closed.

Categories