Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Swiftyyyy
Explorer

Clarification regarding Anti-Malware Blade Exclusion Syntax

Jump to solution

Hello,

I'm looking for clarification regarding the syntax used within the Harmony Endpoint Anti-Malware Blade.
Specifically I'm asking in regards to creating directory and file exceptions under the "Periodic Scan" options as well as the "Scan All Files on Access" options.

1) Am I correct to assume that different syntax rules apply to these distinct sections of the same Anti-Malware Blade?

While the Endpoint Security R80.30 Administration guide specifies the use of environmental variables as acceptable for the "Scan All Files on Access" set of options, can you confirm that environmental variables can't be used within the "Periodic Scan" list of exclusions?

2) Within the list of exclusions for "Periodic Scan" options, how are Wildcards handled?

Exclusions of a specific filetype are mentioned within the documentation, however the only example given does not contain a full path to a directory; rather the implication seems to be that the exclusion is entirely global.

"*.txt" would exclude all ".txt" files from scanning; filesystem wide?
Can I specify a filepath preceeding the file-type exclusion, for example "C:\Program Files\*.txt"? Would this be a valid exclusion? 

And to expand on the previous example, how flexible is the utilization of wildcards, can I use them to exclude numbered files? For example assume the directory "C:\Documents\" contains several .doc files with the same name, but including sequential numbering (document1.doc, document2.doc, document3.doc), would this exclusion entry work? "C:\Documents\document*.doc

Likewise, can I use the wildcard symbol to exclude files with the same filename but different extension, taking files "document.doc, document.pdf" and excluding both through "C:\Documents\document.*"

Thank you!

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Have you seen this?
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

At least from reading this, it seems:

  • Environment variables can be used for Files and Folders Exclusions for the periodic scan.
  • If you want to exclude all text files from getting scanned, then you'd just use *.txt
  • If you want to exclude certain types of files in a specific directory from getting scanned, you'd use c:\Documents\*.doc

View solution in original post

1 Reply
PhoneBoy
Admin
Admin

Have you seen this?
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

At least from reading this, it seems:

  • Environment variables can be used for Files and Folders Exclusions for the periodic scan.
  • If you want to exclude all text files from getting scanned, then you'd just use *.txt
  • If you want to exclude certain types of files in a specific directory from getting scanned, you'd use c:\Documents\*.doc

View solution in original post