980 Views 2 Replies Latest reply: Oct 13, 2012 5:25 AM by dmease729
dmease729 Champion 267 posts since
Jul 22, 2011

Oct 12, 2012 9:14 AM

VirusScan *inclusions*...  Possible to exclude 'everything but X'

Hi,

 

Query I got recently with regard to VSEL, is 'I want to scan everything in these 3 folders, and nothing else'.  Example folders:

 

/blah/1/data

/blah/2/data

/blargh/1/foo

 

Aside from *possibly* looking at regex to cover all 3, the only other option I can think of is to manually exclude all of the parent folders, and all subfolders that aren't in this list, i.e. if we had:

 

/blah/1/data

/blah/2/data

/blargh/1/foo

/blah/2/otherdata

/blah/3

/anotherone/etc/

/yetanotherone/

 

I would need to exclude everything in /blah/2 that wasn't 'data' (to start with), but could run into the situation where new folders were added, so can't just exclude what is already there.  Is it possible to exclude:

 

/blah/2/![data]      #i.e. regex that excludes everything if it isn't the subfolder 'data'.....    note I may have my regex wrong here as it has been a while, but you get the idea!  could be a (^(expr)) that I am looking for...

 

Am I thinking about this too much?  Am I missing a potentially simple answer to this?

 

Any sanity check or clarification appreciated!!!!!

 

cheers,

  • alexn Veteran 722 posts since
    Aug 9, 2012

    When setting exclusions, there are two wildcard exclusion symbols used in VirusScan Enterprise from version 8.0 onwards:

    • Single asterisk: *
    • Double asterisk: **

    The sections below explain how to use these wildcards correctly.

     

    NOTE: Exclusions are not case sensitive; however, if you are using environment variables in the exclusion, it is best practice to type these in lower case.

    • Directory exclusions
         
      A single asterisk * wildcard can be used to denote single directory names.
         
          For example, the exclusion: c:\directory1\*\directory2\ would exclude all of the following folders:
         
          c:\directory1\shandy\directory2\
          c:\directory1\roger\directory2\
          c:\directory1\tiger\directory2\
          c:\directory1\thomas\directory2\
         
         
          NOTE:
         
         
      • Trailing backslashes are mandatory for folder exclusions to work successfully.
      • Without the ending backslash VirusScan Enterprise and ePolicy Orchestrator will treat the entry as a file exclusion.
      • If no backslash is used, the Include subfolders option remains grayed out from VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.6.
                Earlier versions would inadvertently allow selecting this option even when no backslash was used.
         
    • File exclusions
         
      A single asterisk * wildcard can be used to denote partial filename matches or wildcard extension matches, for example:

    c:\windows\abc*.rtf
    c:\windows\abc.*

     


    Do not use trailing backslashes for filename matches. Failure to do so will result in VirusScan excluding the wrong items. To clarify this important point, examine these two examples:

    c:\windows\abc
    c:\windows\abc\


    The first exclusion would be treated as a filename, the second as a directory.

     

    Double Asterisk

    • Directory exclusions
          Double asterisks ** allow a wider folder exclusion called a Multiple Depth Exclusion. These are exclusions where the same target folder name may occur multiple times in subfolders originating from a common folder.
         
          Example: A thumbnail directory called thumbs can exist under one or more subfolders at any depth in the folder structure of a photo application:
         
          c:\program files\photo-program\library\animals\thumbs\
          c:\program files\photo-program\library\clothes\tshirts\thumbs\
          c:\program files\photo-program\library\clothes\trousers\thumbs\
          c:\program files\photo-program\library\clothes\trousers\green\thumbs\
         
          The example below uses a double asterisk to exclude the contents of any folder named thumbs under the library folder of the photo application:
         
          c:\program files\photo-program\library\**\thumbs\
         
         
         
      NOTE: Include a trailing backslash to ensure that VSE handles thumbs as a folder and not a file.

    Extensions

    • Extension exclusions
          McAfee recommends that you use exclude item by file type to exclude all files with a specific extension, such as those created and used exclusively by a single application. This excludes only the required file types and has the least impact on system performance.
         
          A common error when configuring exclusions for file extensions is to exclude extensions in the same way as file and folder exclusions. For example, if an application writes data to files with the extensions SRTT and SRTS, it may at first seem logical to create the exclusions below:
         
          **\*.SRTT (to exclude all files with SRTT extension in any directory or sub-directory)
          **\*.SRTS (to exclude all files with SRTS extension in any directory or sub-directory)
         
         
          These exclusions work, but can have a negative impact on performance. A large list of individual exclusions is also more difficult to manage. In this example it is far more efficient to add a new exclusion for SRT only.
         
          **\*.SRT (exclude all files with an extension starting with SRT in any directory or sub-directory)
          
         

          IMPORTANT:
         

         
      • There is a three-character limit to excluded file extensions.
      • The three-letter extension limitation is automatically enforced when you enter the extension to exclude.
      • All files with extensions starting with SRT will be excluded  despite the three-character limitation. In this example this includes .SRTT and .SRTS.
         

     

    The question mark (?) is used for single character replacement within filenames and folders. This wildcard character gives you a finer degree of control over exclusions.

    • Directory exclusions
         
          You might need to exclude a series of sequentially named sub-folders without excluding the contents of the parent folder.
         
          Example:
         
          C:\program files\application\cache\tmp1\
          C:\program files\application\cache\tmp2\
          C:\program files\application\cache\tmp3\
          C:\program files\application\cache\tmp4\
         
         
          The best method for this exclusion would be to create the exclusion below:
         
          c:\program files\application\cache\tmp?\
         
         
         
      This excludes any folders below the cache folder that match tmp? (In this example, tmp1, tmp2, tmp3 and tmp4).
         
          
    • File extension exclusions
         
      You can use the wildcard for any of the three characters, so the following would be valid:

    AB?
    A?C
    ?BC


    While it is possible to use two ? wildcards as shown below, McAfee does not recommend this because the scope of the exclusion is too broad:

    A??
    ??C
    ?B?


    Post Timings: 6.00 AM to 3.00PM PDT
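
The wildcard rules in the reply above, modelled as a small matcher so that exclusion entries can be checked against sample paths before they are deployed. This is an added example, not McAfee code and not part of the original posts; that `*` may match an empty string, that `**` spans one or more folder levels, and that a folder entry covers everything beneath the folder are assumptions.

```python
import re

def exclusion_to_regex(entry):
    """Compile one exclusion entry using the wildcard rules from the reply."""
    is_folder = entry.endswith("\\")   # trailing backslash marks a folder entry
    body = entry.rstrip("\\")
    parts, i = [], 0
    while i < len(body):
        if body.startswith("**", i):
            parts.append(r".+")        # assumption: spans one or more folder levels
            i += 2
        elif body[i] == "*":
            parts.append(r"[^\\]*")    # stays inside one name (may be empty: assumption)
            i += 1
        elif body[i] == "?":
            parts.append(r"[^\\]")     # exactly one character
            i += 1
        else:
            parts.append(re.escape(body[i]))
            i += 1
    # Assumption: a folder entry covers everything beneath the folder.
    tail = r"\\.*" if is_folder else ""
    return re.compile("".join(parts) + tail, re.IGNORECASE)  # not case sensitive

def is_excluded(path, entries):
    """Return the entries that would exclude `path` from scanning."""
    return [e for e in entries if exclusion_to_regex(e).fullmatch(path)]

# Entries quoted in the reply; the paths checked below are constructed samples.
ENTRIES = [
    "c:\\directory1\\*\\directory2\\",
    "c:\\program files\\photo-program\\library\\**\\thumbs\\",
    "c:\\program files\\application\\cache\\tmp?\\",
    "c:\\windows\\abc*.rtf",
]

if __name__ == "__main__":
    for sample in [
        "C:\\Directory1\\roger\\directory2\\file.txt",
        "c:\\directory1\\a\\b\\directory2\\file.txt",
        "c:\\program files\\application\\cache\\tmp10\\x.bin",
    ]:
        print(sample, "->", is_excluded(sample, ENTRIES) or "scanned")
```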
