cancel
Showing results for 
Search instead for 
Did you mean: 

Correct configuration for [System Root] exceptions (adding files parameters to existing exceptions)

Jump to solution

systemroot.JPG

Hi,

I can not seem to find anywhere that answers my query below...

I have two files parameters in one of my exceptions:

C:\WINNT\TEMP\<other stuff here>

C:\WINDOWS\TEMP\<other stuff here>

I want to combine these two entries in to one, and was thinking of something like %windir%, but from page 105 in the HIPS 8.0 for ePO 4.5 Product Guide (we are using 4.6, but assuming it is the same), there are predefined variables (preceded with $, and look to be application specific) and also environment variables, one of which is SystemRoot.  The problem is, that the example list the syntax as if I was creating a rule myself.  If entering in to an existing exception (example screenshot attached), via the GUI, do I use:

[iEnv SystemRoot]\TEMP\*.<stuff>

Do I use

$SystemRoot\TEMP\*.<stuff>

or

%SystemRoot%\TEMP\*.<stuff>

I am suspecting the former, however it is not something I have actually configured before.  Any feedback greatly appreciated!

Cheers,

Darren

1 Solution

Accepted Solutions
Highlighted

Re: Correct configuration for [System Root] exceptions (adding files parameters to existing exceptions)

Jump to solution

i'd just do this:

?\win*\temp\*

3 Replies
Highlighted

Re: Correct configuration for [System Root] exceptions (adding files parameters to existing exceptions)

Jump to solution

i'd just do this:

?\win*\temp\*

Re: Correct configuration for [System Root] exceptions (adding files parameters to existing exceptions)

Jump to solution

Darn good idea - Cheers greatscott 🙂

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Correct configuration for [System Root] exceptions (adding files parameters to existing exceptions)

Jump to solution

I tested with %SystemRoot% in the FILES parameter, and it did not work (it does work in other fields like the EXECUTABLE details though).

LIke greatscott said, a ? character for the drive letter does work, or **\.

?:\win*\temp\*

**\win*\temp\*

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator