Real-Time Scan Exclusion Variable\WildCard Confirmation

I want to exclude the following (example) from real-time scanning:

This directory (26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory

c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1

These files are randomized within that directory. There is always a .tmp one, and numerous ones that start with testtemp_ then random after, no file ext.


testc8dea266-6496-46f7-9280-72ec449eb3f0.tmp
testtemp_0MC9NCIDNG8578DMLROD0SSVQM23

I created these two exclusions, are they correct?

%temp%\*\test*.tmp
%temp%\*\testtemp_*



Added tags
[edited by: Gladys at 6:03 AM (GMT -7) on 27 Oct 2023]
Parents Reply
  • So I made a new text document, and renamed it according to my convention. Then i pasted the eicar string into it. The process allowed me to do so. I got no alerts on central.  I cannot open the file afterwards, says i have no access.   

    I tried to download and rename the file from various browser all of which catch it and won't let it happen.

    In short I don't know if this was a successful test of my patterns or not. 

Children