Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 6153 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Long Folder Name Exclusion Question

GaylaAlderette

Hi,

Have a quick question about long folder name exclusion.  Since it seems that there are not wild cards for folders?  This is a vendor exclusion and I need to know if this would be the proper way to exclude.  This is more or less their request.

C:\windows\folder\folder\folder\AppData\Local\Temp\longfoldername*

My idea is the 8.3-compliant file and folder names rule.

C:\windows\folder\folder\folder\AppData\Local\Temp\longfo~1

Will this work or is there a better way?  Sometimes I know that folders in the temp directory can be long as they are created and appended.  Any ideas would be extremely welcome.

Thanks,

Gayla



This thread was automatically locked due to age.
  • 0

    Hi,

    Taking the example of using eicar.com (www.eicar.org/86-0-Intended-use.html) as a way to validate exclusions.

    If I add a folder exclusion of:

    C:\Users\JAK\Desktop\

    I can place eicar.com on the Desktop and it will no longer be picked up by on-access.  I can create other sub-directories within Desktop and eicar.com will not be picked up as all sub-folders are excluded.

    If I have a dir called:
    C:\Users\JEN\Desktop\this is a test\

    with eicar.com in, the folder exclusion:

    C:\Users\JEN\Desktop\this is a test\

    will work fine.  Just ensure you always have the trailing backslash to guarantee it's a folder exclusion rather than a file.

    I suggest you experiment with placing eicar.com into the directories you are wanting to exclude to prove the exclusions you are adding are working.

    Regards,

    Jak

  • 0

    Hello Gayla,

    as Jak has said, you could exclude everything (including subfolders) under ...\Temp\ with a folder exclusion.
    Please note that an 8.3 name in an exclusion is not a "synonym". The driver simply tests the filename that's passed to it (which in rare cases is the 8.3 name) against the exclusions. It doesn't check whether it's a SFN or not.

    folder\folder\folder
    This perhaps System32\config\systemprofile? This would be the %TEMP% directory for a service running under the SYSTEM account. If I'm correct it would not be specific for only the vendor's application though ....

    Christian 

  • 0

    Thanks for your response.  I appreciate your explanation.

    Cheers

Unfiltered HTML