what are you trying to do exactly?
Can´t you just simply activate the Policy for possible unwanted programs and assign this one to the machines? Of course this won`t "heal" the machines which are already contaminated but could prevent other machines. If this one is a new detection with which the McAfee Scaneninge ist not able to deal you could define the *.exe Ransomware in the policy for PUP`s?!
If I get you wrong please be a little more specific in your question. What happend; What do you want to do; What kind of result do you want to accomplish;
**\*AppData*\**\*.exe - This is to block exe's being created or accessed from any of the appdata\local appdata\locallow or appdata\roaming areas plus below subfolders
This is to cover all my other 500 systems not the 2 that I've already had to wipe
But I would like to name some that I know are genuine applications to allow them to run, there is a very small list
Unwanted programs would work but this is a random named exe which has 100's of variants and by the time I know the name it would already be caught again
This rule will try to block everything in a non-existent folder -> \*AppData*\ <- but the folder name is EXACTLY \APPDATA\. Cut out the Wildcards for the Folder AppData and just use \AppData\
I guess you did read this one but maybe not: https://kc.mcafee.com/corporate/index?page=content&id=KB50998&pmv=print
I've seen a similar topic for managing exclusions
Either **\AppData\**\*.exe or **\*AppData*\**\*.exe gives me the same result, exe's are blocked on the machine as I wish - this command isnt my issue
Its adding exclusions to known exe's that I cannot fix
The only way I could think of, and of course if we both are not in a false in how to define exclusions, is to play around in the area for "processes to exclude". Tried to exclude the *.exe with the given parameters like "**\AppData\**\Firefox.exe"?