Exploit mitigation or ransomware wildcards and variables
You can use wildcards or variables when you add exclusions for exploit mitigation or ransomware protection.
Using wildcards and variables safely
Be careful if you use wildcards or variables to set up exclusions because they decrease your protection. Make your exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.
If you want to exclude applications or folders from protection for some users or devices, you can do this using an Endpoint Threat Protection policy. See Threat Protection Policy.
If you want to exclude applications or folders from protection for some servers, you can do this using a Server Threat Protection policy. See Server Threat Protection Policy.
Adding exclusions reduces your protection, so we recommend that you use policies to target users and devices where the exclusion is necessary.
Wildcards
You can use the wildcards shown in this table.
Token | Matches |
---|---|
* (Star) | Zero or more of any character except For example: |
** (Star Star) | Zero or more characters including Any other use of a For example:
|
? (Question mark) | One single character. If it is at the end of a string it can match zero characters. For example: |
. (Period) | A period or the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension. Note that For example: |
Note
At the start of a path only the ** wildcard is supported. You can exclude drives in other ways. For information on how to do this see the list of variables that follows.
Variables
You can use variables when you set up exclusions. Make your variables as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.
Be careful if you use the following variables to set up exclusions as they decrease your protection.
$
: This excludes your selected application on all available drives from exploit mitigation or ransomware protection.$temp
: This excludesC:\Windows\Temp
from exploit mitigation or ransomware protection.$appdata
: This excludesC:\Users\**\AppData\
from exploit mitigation or ransomware protection.$System32
: This excludesC:\Windows\System32\
andC:\Windows\Syswow64\
from exploit mitigation or ransomware protection.$windows
: This excludesC:\Windows\
from exploit mitigation or ransomware protection.$profile
: This excludesC:\Users\<user>\
from exploit mitigation or ransomware protection..
You can use the variables shown in this table.
Variable | Example |
---|---|
$ | All available drives. For example, Be careful if you use this variable to set up exclusions as it reduces your protection. |
$admintools |
|
$appdata |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$cache |
|
$clickonce |
|
$commonprogramfiles |
|
$contacts |
|
$desktop |
|
$downloads |
|
$favorites |
|
$fonts |
|
$links |
|
$music |
|
$nethood |
|
$personal |
|
$pictures |
|
$printhood |
|
$profile |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$programfiles |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$programs |
|
$sendto |
|
$startmenu |
|
$startup |
|
$system32 |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$temp |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$templates |
|
$video |
|
$windows |
Be careful if you use this variable to set up exclusions as it reduces your protection. |
$winsxs | C:\Windows\winsxs\*\ |