Windows Scanning Exclusions: Wildcards and Variables

When you specify the files, folders or processes you want to exclude from scanning, you can use wildcards or variables.

Scanning exclusions

Warning Scanning exclusions may significantly reduce your protection. Only use them if you understand the risks.

Be careful when you set up scanning exclusions as you can increase the risk to your systems and reduce your protection.

Make your scanning exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.

For example if you set up a scanning exclusion for C: this excludes all locations that begin with C: and all of your C drive. We recommend that you don't set up a scanning exclusion for any drive.

Check your current policies and scanning exclusions to make sure you aren't excluding any of the following locations from scanning.

  • C:\Windows\
  • C:\ProgramData\
  • C:\Users\<Username>\
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\

We recommend that these locations aren't excluded from scanning as excluding them reduces your protection significantly.

Wildcards

You can use wildcards when you set up scanning exclusions. Make your wildcards as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.

You can use the wildcards shown in this table.

Token

Matches

Comments

* (Star)

Zero or more of any character except \ or /

** (Star Star)

Zero or more characters including \ and /, when bracketed by \ or / characters or used at the start or end of an exclusion.

Any other use of a ** is treated as a single * and matches zero or more characters excluding \ and /.

For example:

  • c:\foo\**\bar matches: c:\foo\bar, c:\foo\more\bar, c:\foo\even\more\bar
  • **\bar matches c:\foo\bar
  • c:\foo\** matches c:\foo\more\bar

\ (Backslash)

Either \ or /

Be careful if you use this wildcard to set up exclusions as it reduces your protection.

For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down.

We recommend that you don't use this wildcard by itself.

/ (Forward slash)

Either / or \

Be careful if you use this wildcard to set up exclusions as it reduces your protection.

For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down.

We recommend that you don't use this wildcard by itself.

? (Question mark)

One single character. If it is at the end of a string it can match zero characters.

. (Period)

A period OR the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension.

Note that:

  • *. matches all files without an extension
  • "foo." matches "foo" and "foo."

Example wildcards

Here are some examples of the use of wildcards.

Expression

Interpreted as

Description

foo

**\foo

Exclude any file named foo (in any location).

foo\bar

**\foo\bar

Exclude any file named bar in a folder named foo (in any location).

*.txt

**\*.txt

Exclude all files named *.txt (in any location).

C:\foo\

C:\foo\

All files and folders underneath C:\foo, including C:\foo itself.

C:\foo\*.txt

C:\foo\*.txt

All files or folders contained in C:\foo named *.txt.

Variables for exclusions

You can use variables when you set up scanning exclusions. Make your variables as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.

Be careful if you use the following variables to set up exclusions as they decrease your protection.

  • %programdata%: This excludes C:\ProgramData\ from scanning.
  • %USERPROFILE%: This excludes C:\Users\**\ from scanning.
  • %temp%: This excludes C:\Users\**\AppData\Local\Temp\ from scanning.
  • %appdata%: This excludes C:\Users\**\AppData\Roaming\ from scanning.
  • %WINDIR%: This excludes C:\Windows\ from scanning.
  • %WINDIR%\System32\: This excludes C:\Windows\System32\ from scanning.
  • %WINDIR%\Syswow64\: This excludes C:\Windows\Syswow64\ from scanning.
  • %windir%\Temp\%: This excludes C:\Windows\Temp\ from scanning.

The table below shows variables and examples of the locations they correspond to on each operating system.

Variable

Windows 7 and later

Windows Server 2008 and later

%allusersprofile%

C:\ProgramData

%appdata%

C:\Users\*\AppData\Roaming

Be careful if you use this variable to set up exclusions as it reduces your protection.

%commonprogramfiles%

C:\Program Files\Common Files

%commonprogramfiles(x86)%

C:\Program Files (x86)\Common Files

%localappdata%

C:\Users\*\AppData\Local

%programdata%

C:\ProgramData

Be careful if you use this variable to set up exclusions as it reduces your protection.

%programfiles%

C:\Program Files

Be careful if you use this variable to set up exclusions as it reduces your protection.

%programfiles(x86)%

C:\Program Files (x86)

Be careful if you use this variable to set up exclusions as it reduces your protection.

%temp% or %tmp%

C:\Users\*\AppData\Local\Temp

Be careful if you use this variable to set up exclusions as it reduces your protection.

%userprofile%

C:\Users\*

%windir%

C:\Windows

Be careful if you use this variable to set up exclusions as it reduces your protection.