Real-Time Scan Exclusion Variable\WildCard Confirmation

I want to exclude the following (example) from real-time scanning:

This directory (26e9f183-6e80-4436-8461-a67d55c5e4b1) is randomized within the user's profile temp directory

c:\Users\testuser\Temp\26e9f183-6e80-4436-8461-a67d55c5e4b1

These files are randomized within that directory. There is always a .tmp one, and numerous ones that start with testtemp_ then random after, no file ext.


testc8dea266-6496-46f7-9280-72ec449eb3f0.tmp
testtemp_0MC9NCIDNG8578DMLROD0SSVQM23

I created these two exclusions. Are they correct?

%temp%\*\test*.tmp
%temp%\*\testtemp_*



[edited by: Gladys at 6:03 AM (GMT -7) on 27 Oct 2023]
  • Checking the %temp% variable, this will correspond to: C:\Users\*\AppData\Local\Temp

    If the location you're trying to exclude is C:\Users\testuser\Temp\ this may not work. 

    Could you try the following? 
    - C:\Users\*\Temp\test*.tmp
    - C:\Users\*\Temp\testtemp_*

    Regarding files being detected when downloading from a web browser on a remote device, I suspect Web Control may be scanning and blocking the file. 

    If you need to make the file accessible through a file share, an exclusion such as //<servername>/ may be needed. 
    If the file needs to be accessible via web browser, an exclusion of the type "Website" for the site URL will be necessary.

    Kushal Lakhan
    Team Lead, Global Community Support
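An added example, not part of the thread and not Sophos code: a small checker that expands `%temp%` the way the reply describes and reports which of the posted files each exclusion from the question would cover. The helper names, the `AppData\Local\Temp` copy of the folder, and the matching rule (`*` matches within a single path component, case-insensitively) are assumptions made for illustration, not the product's documented behaviour.

```python
import fnmatch
import ntpath

# From the reply: %temp% corresponds to the per-user temp folder.
VARIABLES = {"%temp%": r"C:\Users\*\AppData\Local\Temp"}


def expand(exclusion):
    """Replace a leading variable such as %temp% with the path it stands for."""
    for name, value in VARIABLES.items():
        if exclusion.lower().startswith(name):
            return value + exclusion[len(name):]
    return exclusion


def covers(exclusion, path):
    """True if each component of path matches the same component of the exclusion.

    Assumed semantics (not the product's documented matching): '*' matches any
    run of characters inside one path component, and case is ignored.
    """
    pat = ntpath.normpath(expand(exclusion)).lower().split("\\")
    tgt = ntpath.normpath(path).lower().split("\\")
    return len(pat) == len(tgt) and all(
        fnmatch.fnmatchcase(t, p) for p, t in zip(pat, tgt)
    )


def report(exclusions, paths):
    """Return {path: [exclusions that cover it]} for review before deployment."""
    return {p: [e for e in exclusions if covers(e, p)] for p in paths}


EXCLUSIONS = [r"%temp%\*\test*.tmp", r"%temp%\*\testtemp_*"]
GUID = "26e9f183-6e80-4436-8461-a67d55c5e4b1"
FILES = ["testc8dea266-6496-46f7-9280-72ec449eb3f0.tmp",
         "testtemp_0MC9NCIDNG8578DMLROD0SSVQM23"]
# Folder exactly as posted in the question.
POSTED_FILES = [ntpath.join(r"c:\Users\testuser\Temp", GUID, f) for f in FILES]
# Constructed: the same folder under the location the reply gives for %temp%.
UNDER_TEMP_FILES = [
    ntpath.join(r"C:\Users\testuser\AppData\Local\Temp", GUID, f) for f in FILES
]

if __name__ == "__main__":
    for path, hits in report(EXCLUSIONS, POSTED_FILES + UNDER_TEMP_FILES).items():
        print("covered    " if hits else "NOT covered", path, hits)
```

Running the same check against real file paths collected from the endpoint shows, before the policy is changed, whether an exclusion is too narrow to help or broader than intended.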