Virtual Server Scanning Exclusions: Wildcards

Virtual Server exclusions let you exclude items from scanning on Windows guest VMs that are protected by a Sophos security VM.

Caution Think carefully before you add scanning exclusions because doing so may reduce your protection.

You can exclude a drive, folder or file by full path, just as you can for other Windows computers.

However, there are restrictions on specifying items without a full path and also on the use of wildcards. See the details below and the examples.

Items without a full path

You can specify a file without a full path, for example file.com. You must include the extension. The security VM will exclude any file with this name.

You cannot specify folders without a full path.

Wildcards

You can use the wildcards shown in this table.

Note Only * and ? can be used on Windows XP and Windows Server 2003.

Token

Matches

Comments

* (Star)

Zero or more of any character except \ or /

** (Star Star)

Zero or more characters including \ and /, when bracketed by \ or / characters or used at the start or end of an exclusion.

Any other use of a ** is treated as a single * and matches zero or more characters excluding \ and /.

For example:

  • c:\foo\**\bar matches: c:\foo\bar, c:\foo\more\bar, c:\foo\even\more\bar
  • **\bar matches c:\foo\bar
  • c:\foo\** matches c:\foo\more\bar

\ (Backslash)

Either \ or /

/ (Forward slash)

Either / or \

? (Question mark)

One single character. If it is at the end of a string it can match zero characters.

. (Period)

A period OR the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension.

Note that:

  • *.* matches all files
  • *. matches all files without an extension
  • "foo." matches "foo" and "foo."

Exclusions that work

The expressions shown in this table are valid for Virtual Server exclusions.

Exclusion

Notes

D:

Excludes the entire drive.

C:\programdata\adobe\photoshop\

Excludes the folder (you must include the final slash).

C:\program files\program\*.com

Excludes files with a .com extension in the specified folder.

file.com

Excludes files with this name in any location (full path not needed).

file.*

Excludes all files called "file", with any extension, in all locations.

*.com

Excludes all files with a .com extension in all locations.

*.*

Excludes all files in all locations.

C:\file??.docx

Excludes C:\file12.exe (but not C:\file123.exe).