There are two different namespaces that can be used to indicate a location on disk: the
DOS Devices namespace and the
Object Manager namespace.
Examples:
- DOS Devices:
C:\Folder\Subfolder\File.ext
- Object Manager:
\Device\HarddiskVolumeX\Folder\Subfolder\File.ext
The creation of file and folder exclusions allows you to define specific items that must
not be scanned by the on-access scanner. Depending on the structure of your environment, you might need to create specific exclusions using a drive letter or a device name.
Example 1:
If
D: is the drive letter assigned to
\Device\HardDiskVolume0\, the on-access scanner can recognize files in these locations using either path:
D:\Stuff\eicar.com
Or
\Device\HardDiskVolume0\Stuff\eicar.com
NOTE: A separate exclusion might be needed for each format.
Example 2:
If
\Device\<GUID>\ (where <GUID> is a mount point ID) is mounted to
M:, the on-access scanner can recognize files at M:\ as either:
M:\eicar.com
Or
\Device\GUID\eicar.com
To avoid duplication of effort in having to add the same exclusion in different ways, continue as follows:
- If a detection has occurred:
See the file path in the detection message. The description of the file includes the path data in the way VSE recognizes it.
By using this path, you can effectively exclude the appropriate files or folders.
- If no detection has occurred:
The on-access scanner uses exclusions by drive letter or device name, depending on which format is received from the file-system. Add the exclusion in either way.
If a detection occurs, the exclusion has been unsuccessful and the other method needs to be applied instead.
NOTE: To cover both namespace types, use the exclusion format:
**\Folder\Subfolder\File.ext
