Windows Scanning Exclusions: Wildcards and Variables
When you specify the files, folders or processes you want to exclude from scanning, you can use wildcards or variables.
Scanning exclusions
Be careful when you set up scanning exclusions as you can increase the risk to your systems and reduce your protection.
Make your scanning exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.
For example if you set up a scanning exclusion for C: this excludes all locations that begin with C: and all of your C drive. We recommend that you don't set up a scanning exclusion for any drive.
Check your current policies and scanning exclusions to make sure you aren't excluding any of the following locations from scanning.
- C:\Windows\
- C:\ProgramData\
- C:\Users\<Username>\
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\
We recommend that these locations aren't excluded from scanning as excluding them reduces your protection significantly.
Wildcards
You can use wildcards when you set up scanning exclusions. Make your wildcards as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.
You can use the wildcards shown in this table.
Token |
Matches |
Comments |
---|---|---|
* (Star) |
Zero or more of any character except \ or / |
|
** (Star Star) |
Zero or more characters including \ and /, when bracketed by \ or / characters or used at the start or end of an exclusion. Any other use of a ** is treated as a single * and matches zero or more characters excluding \ and /. |
For example:
|
\ (Backslash) |
Either \ or / |
Be careful if you use this wildcard to set up exclusions as it reduces your protection. For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down. We recommend that you don't use this wildcard by itself. |
/ (Forward slash) |
Either / or \ |
Be careful if you use this wildcard to set up exclusions as it reduces your protection. For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down. We recommend that you don't use this wildcard by itself. |
? (Question mark) |
One single character. If it is at the end of a string it can match zero characters. |
|
. (Period) |
A period OR the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension. |
Note that:
|
Example wildcards
Here are some examples of the use of wildcards.
Expression |
Interpreted as |
Description |
---|---|---|
foo |
**\foo |
Exclude any file named foo (in any location). |
foo\bar |
**\foo\bar |
Exclude any file named bar in a folder named foo (in any location). |
*.txt |
**\*.txt |
Exclude all files named *.txt (in any location). |
C:\foo\ |
C:\foo\ |
All files and folders underneath C:\foo, including C:\foo itself. |
C:\foo\*.txt |
C:\foo\*.txt |
All files or folders contained in C:\foo named *.txt. |
Variables for exclusions
You can use variables when you set up scanning exclusions. Make your variables as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.
Be careful if you use the following variables to set up exclusions as they decrease your protection.
- %programdata%: This excludes C:\ProgramData\ from scanning.
- %USERPROFILE%: This excludes C:\Users\**\ from scanning.
- %temp%: This excludes C:\Users\**\AppData\Local\Temp\ from scanning.
- %appdata%: This excludes C:\Users\**\AppData\Roaming\ from scanning.
- %WINDIR%: This excludes C:\Windows\ from scanning.
- %WINDIR%\System32\: This excludes C:\Windows\System32\ from scanning.
- %WINDIR%\Syswow64\: This excludes C:\Windows\Syswow64\ from scanning.
- %windir%\Temp\%: This excludes C:\Windows\Temp\ from scanning.
The table below shows variables and examples of the locations they correspond to on each operating system.
Variable |
Windows 7 and later Windows Server 2008 and later |
---|---|
%allusersprofile% |
C:\ProgramData |
%appdata% |
C:\Users\*\AppData\Roaming Be careful if you use this variable to set up exclusions as it reduces your protection. |
%commonprogramfiles% |
C:\Program Files\Common Files |
%commonprogramfiles(x86)% |
C:\Program Files (x86)\Common Files |
%localappdata% |
C:\Users\*\AppData\Local |
%programdata% |
C:\ProgramData Be careful if you use this variable to set up exclusions as it reduces your protection. |
%programfiles% |
C:\Program Files Be careful if you use this variable to set up exclusions as it reduces your protection. |
%programfiles(x86)% |
C:\Program Files (x86) Be careful if you use this variable to set up exclusions as it reduces your protection. |
%temp% or %tmp% |
C:\Users\*\AppData\Local\Temp Be careful if you use this variable to set up exclusions as it reduces your protection. |
%userprofile% |
C:\Users\* |
%windir% |
C:\Windows Be careful if you use this variable to set up exclusions as it reduces your protection. |