Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4357
Views
0
Helpful
4
Replies

Cisco AMP for Endpoints - Wildcard Exclusions

chivudaniel
Level 1
Level 1

‎07-26-2018 08:35 AM - edited ‎02-20-2020 09:05 PM

Hello,

 

Can I use the Wildcard exclusion capability of Cisco AMP in order to add an exclusion that can propagate on multiple drives, on Windows.  For example, if I will add the wildcard exclusion " *\Folder1\Folder2\ " will this be apply for drive C, D , E etc? (similar with C:\Folder1\Folder2\  or    D:\Folder1\Folder2\)

 

Thanks,


Daniel

Labels:
0 Helpful
4 Replies 4

Troja007
Cisco Employee
Cisco Employee

‎07-26-2018 09:05 AM

Hello,

enclosed an info also from AMP manuals. From my side, it should be work as you mentioned.

 

Wildcard exclusions are the same as path or extension exclusions except that you can use an asterisk character as a wild card. For example, if you wanted to exclude your virtual machines on a Mac from being scanned you might enter this path exclusion:

/Users/johndoe/Documents/Virtual Machines/

However, this exclusion will only work for one user, so instead replace the username in the path with an asterisk and create a wild card exclusion instead to exclude this directory for all users:

/Users/*/Documents/Virtual Machines/ 

 

 

Cheers

0 Helpful

Alessandro@ITConsulting
Level 1
Level 1
In response to Troja007

‎05-14-2020 02:59 AM

Hello to all of community,
about this exclusion, with wildcard, if I use AnyDrive option, How do I have to write the exclusion?
In the manual I see use of ^[A-Za-z]\foldername but after applied the rule, I see in the field: anydrive:\^[A-Za-z]\foldername.

Is it correct?
from Manual:
Write an exclusion for paths that exists in separate drives.
Example: C:\testpath and D:\testpath will be:
^[A-Za-z]\testpath
The system automatically generates the ^[A-Za-z] when "Apply to all drive letters" is check boxed after wildcard is selected from the Exclusion Type dropdown.

Now which is the correct syntax to write the exclusion is this case?

only foldername like folderA\folderB\ or ^[A-Za-z]\folderA\folderB\

thanks and regards,

Alex.
0 Helpful

Matthew Franks
Cisco Employee
Cisco Employee
In response to Alessandro@ITConsulting

‎05-14-2020 05:29 AM

The system will add ^[A-Za-z]:\ for you.  Consider you have a folder at C:\test and D:\test on various machines and want to exclude both. You would just put test into the exclusion field.  It will look like this in the console.
screenshot.png

Thanks,

Matt

 

0 Helpful

Alessandro@ITConsulting
Level 1
Level 1
In response to Matthew Franks

‎05-14-2020 05:49 AM

Hi, 

 

thanks for your information...as I think, it is sufficient to write only name folder.

The optio anydrive will use all drive and :\ befor name folder.

 

thanks.

 

Have a nice day, 

 

Alex.

 

0 Helpful
Customers Also Viewed These Support Documents