Is anyone familiar with the exclusion syntax with the prefix "\:::" for ePO/VSE process exclusion? Is it documented anywhere?
I can find no documentation anywhere on what this syntax means - it appears to function as if it references the current McAfee VSE install directory on the client.
The instance of this syntax is located in our ePO installation (that I inherited) in an assigned policy at the root of the system tree of category: VirusScan Enterprise 8.8.0 : Access Protection Policies
Within this policy and the defined access protection rules under category "Common Standard Protection" : Prevent modification of McAfee files and settings it has a bunch of executables its excluding with this odd syntax.
The executables being excluded are in the VSE folder and do seem to be successfully excluded -
EXCEPT in the case when we were updating HIPS on the clients - this caused the exclusions to fail until we restart the clients - at which point the exclusions start working again.
That's odd, never seen wildcards like that before. Usually they are something like the below:
Wildcards (**,*, ?) are helpful in creating exclusions for VSE, but certain rules apply (see examples below).
•The ? wildcard is used to represent a single character in the exact position where it is placed in the path or file name.
•The * wildcard is used to represent partial filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given.
•The ** wildcard is generally used for (partial) filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given.
•System Environmental Variables such as %SystemRoot% can be used in exclusions. User Environmental Variables such as %UserProfile% cannot because the On‑Access scanner runs under the Windows Local System account.
We have wildcards within VSE for things like this, but never seen the ::: before
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.