How to manage file and folder exclusions using wildcards

Technical Articles ID:   KB50998
Last Modified:  2/28/2020

Environment

McAfee VirusScan Enterprise (VSE) 8.x

Summary

Use the following information to create file and folder exclusions with VSE.
 
NOTES: 
  • The file and folder exclusions detailed in this article are not applicable to Potentially Unwanted Programs (PUPs). PUP exclusions can only be set for specific detection names.
  • If ePolicy Orchestrator (ePO) manages your computer, the instructions below must be applied through ePO. If you apply the instructions locally on an ePO-managed computer, your changes will be overwritten.
Create an exclusion:
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Right-click On-Access Scanner and select Properties.
  3. Click All Processes, Detection, Exclusions.
When you set exclusions, there are two wildcard exclusion symbols that VSE uses:
  • Single asterisk: *
  • Double asterisk: **
The sections below explain how to use these wildcards correctly.

NOTE: Exclusions are not case sensitive. However, if you use environment variables in an exclusion, it is best practice to type these variables in lowercase.
 
Single asterisk
  • Directory exclusions
    Use a single asterisk (*) wildcard to denote single directory names.

    For example, the exclusion c:\directory1\*\directory2\ would exclude all of the following folders:

    c:\directory1\shandy\directory2\
    c:\directory1\roger\directory2\
    c:\directory1\tiger\directory2\
    c:\directory1\thomas\directory2\


    NOTES:
    • Trailing backslashes are mandatory for folder exclusions to work successfully.
    • Without the ending backslash, VSE and ePO treat the entry as a file exclusion.
    • If you do not use a backslash when you configure VSE locally, the Include subfolders option remains grayed out. Take care when you configure folder exclusions using ePO because the Include subfolders option does not gray out.
       
      Earlier versions would inadvertently allow selecting this option even without a backslash.
       
  • File exclusions
    Use a single asterisk (*) wildcard to denote partial file name matches or wildcard extension matches, for example:

    c:\windows\abc*.rtf
    c:\windows\abc.*


    Do not use trailing backslashes for file name matches. Doing so results in VSE excluding the wrong items. To clarify this point, review the following two examples:

    c:\windows\abc
    c:\windows\abc\


    The first exclusion is treated as a file name, and the second exclusion is treated as a directory.
Double asterisk
  • Directory exclusions
    Double asterisks (**) allow a wider folder exclusion called a Multiple Depth Exclusion. For these exclusions, the same target folder name might occur multiple times in subfolders originating from a common folder.

    Example: A thumbnail directory called thumbs can exist under one or more subfolders at any depth in the folder structure of a photo application:

    c:\program files\photo-program\library\animals\thumbs\
    c:\program files\photo-program\library\clothes\tshirts\thumbs\
    c:\program files\photo-program\library\clothes\trousers\thumbs\
    c:\program files\photo-program\library\clothes\trousers\green\thumbs\


    The following example uses a double asterisk to exclude the contents of any folder named thumbs under the library folder of the photo application:

    c:\program files\photo-program\library\**\thumbs\

    NOTE: To make sure that VSE handles thumbs as a folder and not a file, include a trailing backslash.
     
Extensions
  • Extension exclusions
    McAfee recommends that you exclude by file type when you need to exclude all files with a specific extension, such as files created and used exclusively by a single application. This approach excludes only the needed file types and has the least impact on system performance.

    A common error when configuring exclusions for file extensions is to exclude extensions in the same way as file and folder exclusions. For example, if an application writes data to files with the extensions SRTT and SRTS, it might at first seem logical to create the following exclusions:

    **\*.SRTT - To exclude all files with SRTT extension in any directory or subdirectory.
    **\*.SRTS - To exclude all files with SRTS extension in any directory or subdirectory.

    These exclusions work, but can have a negative effect on performance. A large list of individual exclusions is also hard to manage. In this example, it is far more efficient to add a new File Type exclusion for SRT only.

    SRT - To exclude all files with an extension starting with SRT in any directory or subdirectory 

    IMPORTANT: 
    • There is a three-character limit to excluded File Type extensions.
    • The three-letter extension limitation is automatically enforced when you enter the extension to exclude.
    • All files with extensions starting with SRT are excluded despite the three-character limitation. In this example, that includes .SRTT and .SRTS.
Question mark
The question mark (?) is used for single character replacement within file names and folders. This wildcard character gives you a finer degree of control over exclusions.
  • Directory exclusions
    You might need to exclude a series of sequentially named sub-folders without excluding the contents of the parent folder. Example:

    C:\program files\application\cache\tmp1\
    C:\program files\application\cache\tmp2\
    C:\program files\application\cache\tmp3\
    C:\program files\application\cache\tmp4\


    The best method for this exclusion would be to create the following exclusion:

    c:\program files\application\cache\tmp?\

    This exclusion excludes any folders below the cache folder that match tmp? (in this example, tmp1, tmp2, tmp3 and tmp4).

     
  • File extension exclusions
    You can use the wildcard for any of the three characters, so the following examples are valid:

    AB?
    A?C
    ?BC


    Although it is possible to use two question mark wildcards (??) as shown below, McAfee does not recommend this approach because the scope of the exclusion is too broad:

    A??
    ??C
    ?B?
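
Added example (not McAfee's code and not part of the original article): a simplified Python model of the single asterisk, double asterisk, question mark, trailing backslash and File Type rules described above, for previewing which file paths a list of exclusions would cover before it goes into a policy. The function names, the sample policy and the sample paths are constructed; the model assumes that `**` needs at least one intermediate folder and that a folder exclusion covers only the files directly inside the folder unless `include_subfolders` is set.

```python
import re

# Simplified model of the rules stated in this article; not VSE's own matcher.
WILD = {"**": r".*",      # multiple depth: may span backslashes
        "*": r"[^\\]*",   # stays inside one directory or file name
        "?": r"[^\\]"}    # exactly one character

def path_excluded(path, exclusion, include_subfolders=False):
    """True if `path` (a file) falls under a file or folder exclusion."""
    tokens = re.split(r"(\*\*|\*|\?)", exclusion)
    body = "".join(WILD.get(t, re.escape(t)) for t in tokens)
    if exclusion.endswith("\\"):
        # Trailing backslash: folder exclusion, covers the files inside it.
        body += r".+" if include_subfolders else r"[^\\]+"
    # Exclusions are not case sensitive.
    return re.fullmatch(body, path, re.IGNORECASE) is not None

def file_type_excluded(path, file_type):
    """File Type exclusion: up to three characters, '?' allowed, matched
    against the start of the extension (SRT also covers .SRTT and .SRTS)."""
    name = path.rsplit("\\", 1)[-1]
    if "." not in name:
        return False
    ext = name.rsplit(".", 1)[1].lower()
    if len(ext) < len(file_type):
        return False
    return all(p in ("?", c) for p, c in zip(file_type.lower(), ext))

def audit(exclusions, file_types, paths):
    """Map each path to the rules that would exclude it, for policy review."""
    report = {}
    for p in paths:
        hits = [e for e in exclusions if path_excluded(p, e)]
        hits += ["type:" + t for t in file_types if file_type_excluded(p, t)]
        report[p] = hits
    return report

# Constructed policy and paths, built from the examples in this article.
EXCLUSIONS = ["c:\\directory1\\*\\directory2\\", "c:\\windows\\abc",
              "c:\\program files\\photo-program\\library\\**\\thumbs\\",
              "c:\\program files\\application\\cache\\tmp?\\"]
FILE_TYPES = ["SRT", "A??"]
PATHS = [r"C:\Directory1\roger\directory2\a.dll",
         r"c:\windows\abc\tool.exe",
         r"c:\program files\application\cache\tmp10\x.dat",
         r"c:\data\report.asp"]

if __name__ == "__main__":
    for path, rules in audit(EXCLUSIONS, FILE_TYPES, PATHS).items():
        print(path, "->", rules or "scanned")
```

In the sample run, c:\windows\abc without a trailing backslash leaves the contents of the abc folder scanned, and the File Type entry A?? excludes an unrelated .asp file, which is the over-broad scope the article warns about.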
