cancel
Showing results for 
Search instead for 
Did you mean: 
shocko
Level 9
Report Inappropriate Content
Message 1 of 7

Single File exclusions - Performance

Can single file exclusions be specified without any wildcards e.g PageFile.sys or must they be specified as *\PageFile.sys. Also, in terms of performance, I'm wondering if using wildcards is actually more efficient when the engine has to match an exclusion e.g. if we specified to exclude A.sys1 A.sys2 and A.sys3 would it be more efficient to simply match A.sys? for example? I wondering does the engine do a reg exp match or the like.


Note: Purely an example for illustraitve pruoposes! Don't admonish me


6 Replies
apoling
Level 14
Report Inappropriate Content
Message 2 of 7

Re: Single File exclusions - Performance

Hi,

Single file exclusions are allowed (without any path fragment, whatsoever). Your example of pagefile.sys is special in a way that it needs not be excluded, see KB82021.

As for your other examples, the engine examines only the first 3 letters of the extension, that is, you need not specify any more letter: excluding A.sys will result in exclusion of A.sys1, or A.sys123456. See also Related information in KB58707.

Re: Single File exclusions - Performance

Hello,

Use in below format :

PageFile.sys or must they be specified as **\PageFile.sys.

A.sys1 A.sys2 and A.sys3 = A.sys*

shocko
Level 9
Report Inappropriate Content
Message 4 of 7

Re: Single File exclusions - Performance

Thanks Attila, I'm aware of the 3 char extension limit, my example is purely theory. I guess I'm wondering what overhead a long list of exclusions has.

apoling
Level 14
Report Inappropriate Content
Message 5 of 7

Re: Single File exclusions - Performance

As far as I remember there is nothing to worry about performance until around 1000 single exclusions are specified (have read somewhere here or gotten as a reply to my post in the past).

Re: Single File exclusions - Performance

Not sure if this will help, but here is the KB on Managing File Exclusions, and as points out the 'Double Asterisk' is common practise.

McAfee KnowledgeBase - How to manage file and folder exclusions in VirusScan Enterprise 8.x

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Re: Single File exclusions - Performance

•The ? wildcard is used to represent a single character in the exact position where it is placed in the path or file name. 

•The * wildcard is used to represent partial filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given. 

•The ** wildcard is generally used for (partial) filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given. 

•System Environmental Variables such as %SystemRoot% can be used in exclusions. User Environmental Variables such as %UserProfile% cannot because the On‑Access scanner runs under the Windows Local System account.