Syntax for file and process exclusions in Forefront Endpoint Protection?

Posted by Massimo on Server Fault See other posts from Server Fault or by Massimo
Published on 2012-10-24T11:03:58Z Indexed on 2012/10/25 17:02 UTC
Read the original article Hit count: 555

I can't seem to find an official and up-to-date documentation on how to set up file and process exclusions in Forefront Endpoint Protection 2012.

For file types, which of these will work? Are they the same?

  • ext
  • .ext
  • *.ext

What about wildcards?

  • .e?t
  • .e*
  • .*t

For file paths, which wildcards are allowed and how do they work?

  • C:\path*
  • C:\path\s*e
  • C:\path\somef?le
  • C:\*\somefile
  • C:\pa*\somefile
  • C:\pa?h\somefile
  • *\path
  • *:\path

For processes, can wildcard be used when specifying the file name? Same syntax as file paths?

Also: I read in this post that, as of October 2009, Real Time Protection ignored wildcards; is this still true for the 2012 version?

© Server Fault or respective owner

Related posts about sccm

Related posts about ms-forefront