
exclusion file and sub-folder wildcards

I have a question about the anti-virus exclusion scope in the console.

Microsoft's recommendation for domain controllers (link) says:

The Sysvol\Sysvol folder uses the following location: %systemroot%\Sysvol\Domain

Exclude the following files from this folder and all its subfolders:

*.adm

To do this, I would use a File exclusion in the anti-virus policy.

My question: Does the file exclusion automatically do all sub-folders or only the folder defined?

A little more detail if it isn't clear. Inside of "C:\Windows\SYSVOL\domain" are hundreds of sub-directories with *.adm files inside of them. Would a file exclusion of:

C:\Windows\SYSVOL\domain\*.adm

get all subdirectories and the files or only the files in the one directory specified? I can't find a clear answer in the online docs.



This thread was automatically locked due to age.
  • Hello mbutler522010,

    admittedly there's no matching example (e.g. in Information on 10.6.4) but the behaviour can be deduced:

    ** (Star Star) matches Zero or more of any characters including \ and / , when bracketed by \ or / characters

    So if it accepts a string like C:\foo\**\*.adm (or C:\Windows\SYSVOL\domain\**\*.adm in your case) this should give the desired results. I suggest the savtst32.exe tool from the \sec_5nn\tools\ directory. Select the desired path and filename from the Drive menu item.
    BTW: You can run savtst32.exe from any desired location and also rename it. Lets you verify process exclusions as well.

    Christian
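
The wildcard rule quoted in the reply above, modelled in Python as an added example that is not part of the original thread and is not the product's matching engine. It applies the quoted `**` rule literally and assumes that a single `*` does not cross a `\` or `/`; the sample paths and the `{GUID-PLACEHOLDER}` folder name are constructed.

```python
import re

def exclusion_to_regex(pattern):
    """Translate an exclusion string into a regex under the stated assumptions."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")            # quoted rule: any characters, including \ and /
            i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\/]*")      # ASSUMPTION: single * stays inside one path component
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    # Windows paths compare case-insensitively
    return re.compile("".join(out), re.IGNORECASE)

def is_excluded(path, patterns):
    """True if any exclusion pattern matches the whole path."""
    return any(exclusion_to_regex(p).fullmatch(path) for p in patterns)

# Constructed sample paths (not taken from a real domain controller)
BASE = r"C:\Windows\SYSVOL\domain"
SAMPLES = [
    BASE + r"\top.adm",                                               # directly in the folder
    BASE + r"\Policies\{GUID-PLACEHOLDER}\Adm\system.adm",            # nested .adm
    BASE + r"\Policies\{GUID-PLACEHOLDER}\Machine\Scripts\start.bat", # must stay scanned
]
FLAT = BASE + r"\*.adm"          # the pattern from the question
RECURSIVE = BASE + r"\**\*.adm"  # the pattern suggested in the reply

def coverage(patterns):
    """Which sample paths the given exclusion list would skip, in SAMPLES order."""
    return [is_excluded(p, patterns) for p in SAMPLES]

if __name__ == "__main__":
    for name, pats in [("flat", [FLAT]),
                       ("recursive", [RECURSIVE]),
                       ("both", [FLAT, RECURSIVE])]:
        print(f"{name:10}", coverage(pats))
```

In this model the `\**\` form needs both backslashes, so a file directly in the folder is covered only by the flat pattern, and neither pattern excludes anything other than `.adm` files. Whether the product behaves the same way is what the savtst32.exe check suggested in the reply would confirm.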
