Exploit mitigation or ransomware wildcards and variables and using the "$" variable

Finally was able to get the exclusion syntax that was needed.  In global exclusion added  Exclusion Type being: Exploit Mitigation (Windows) and then entered  the correct syntax is:  " **\<filename>   This seems to have excluded the file no matter where the EXE file was located on the C: drive.

Thanks for following up to share the solution you found. 

Regarding your comment below, is the "app.exe" something that can be run stand-alone for testing purposes, or will this only work within your environment?

It may be worthwhile to inquire further with support to find out why the $ variable is not working correctly.

Edit/Update: Documentation has been updated to more accurately represent what the $ variable will do.

For example, $\app.exe excludes C:\app.exe, D:\app.exe, and so on.

Thanks for following up to share the solution you found. 

Regarding your comment below, is the "app.exe" something that can be run stand-alone for testing purposes, or will this only work within your environment?

It may be worthwhile to inquire further with support to find out why the $ variable is not working correctly.

Edit/Update: Documentation has been updated to more accurately represent what the $ variable will do.

For example, $\app.exe excludes C:\app.exe, D:\app.exe, and so on.