Specify scanning exclusions
Standard naming conventions
Sophos Anti-Virus validates the paths and file names of scanning exclusion items against standard Windows naming conventions. For example, a folder name may contain spaces but may not contain only spaces.
Be careful when you set up scanning exclusions as you can increase the risk to your systems and reduce your protection. Make your scanning exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.
For example if you set up a scanning exclusion for C: this excludes all locations that begin with C: and all of your C drive. We recommend that you don't set up a scanning exclusion for any drive.
Check your current policies and scanning exclusions to make sure you aren't excluding any of the following locations from scanning.
- C:\Windows\
- C:\ProgramData\
- C:\Users\<Username>\
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\
We recommend that these locations aren't excluded from scanning as excluding them reduces your protection significantly.
Multiple file extensions
File names with multiple extensions are treated as if the last extension is the extension and the rest are part of the file name:
MySample.txt.doc = file name MySample.txt + extension .doc.
Excluding specific files, folders, processes, or drives
Exclusion type |
Description |
Examples |
Comments |
---|---|---|---|
Specific file |
Specify both the path and file name to exclude a specific file. The path can include a drive letter or network share name. |
C:\Documents\CV.doc \\Server\Users\Documents\CV.doc |
To make sure that exclusions are always applied correctly, add both the long and 8.3-compliant file and folder names: C:\Program Files\Sophos\Sophos Anti-Virus C:\Progra~1\Sophos\Sophos~1 For more information, see knowledgebase article 13045. |
Specific process |
Specify both the path and the file name to exclude a specific executable file (process). |
C:\Windows\notepad.exe |
You must specify the full path. |
All files with the same name |
Specify a file name without a path to exclude all files with that name wherever they are located in the file system. |
spacer.gif |
|
Specific folder |
Specify a folder path including a drive letter or network share name to exclude everything in that folder and below. |
D:\Tools\logs\ |
Include a trailing slash after the folder name. |
All folders with the same name |
Specify a folder path without a drive letter or network share name to exclude everything from that folder and below on any drive or network share. |
\Tools\logs\ (excludes the following folders: C:\Tools\logs\, \\Server\Tools\logs\) |
You must specify the entire path up to the drive letter or network share name. In this example, specifying \logs\ would not exclude any files. |
Wildcards
You can use wildcards when you set up scanning exclusions. Make your wildcards as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.
You can use the wildcards shown in this table.
Token |
Matches |
Comments |
---|---|---|
* (Star) |
Zero or more of any character except \ or /. |
For example: c:\*\*.txt excludes all files named *.txt in the top level folders on C:\. You cannot use * to exclude a folder. |
** (Star Star) |
Zero or more of any characters including \ and /, when bracketed by \ or / characters or used at the start or end of an exclusion. Any other use of ** is treated a single * and matches zero or more of any character except \ or /. |
For example:
|
\ (Backslash) |
Either \ or /. |
Be careful if you use this wildcard to set up exclusions as it reduces your protection. For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down. We recommend that you don't use this wildcard by itself. |
/ (Forward slash |
Either / or \. |
Be careful if you use this wildcard to set up exclusions as it reduces your protection. For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down. We recommend that you don't use this wildcard by itself. |
? (Question mark) |
One single character, unless at the end of a string where it can match zero characters. |
|
. (Period) |
A period OR the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension. |
Note that:
|
Examples
Here are some examples of the use of wildcards.
Expression |
Interpreted as |
Description |
---|---|---|
foo |
**\foo |
Exclude any file named foo (in any location). |
foo\bar |
**\foo\bar |
Exclude any file named bar in a folder named foo (in any location). |
*.txt |
**\*.txt |
Exclude all files named *txt (in any location). |
C:\foo\ |
C:\foo\ |
All files and folders underneath C:\foo, including C:\foo itself. |
C:\foo\*.txt |
C:\foo\*.txt |
All files contained in C:\foo named *.txt. |
Variables for exclusions
You can use variables when you set up scanning exclusions. Make your variables as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.
Be careful if you use the following variables to set up exclusions as they decrease your protection.
- %programdata%: This excludes C:\ProgramData\ from scanning.
- %USERPROFILE%: This excludes C:\Users\**\ from scanning.
- %temp%: This excludes C:\Users\**\AppData\Local\Temp\ from scanning.
- %appdata%: This excludes C:\Users\**\AppData\Roaming\ from scanning.
- %WINDIR%: This excludes C:\Windows\ from scanning.
- %WINDIR%\System32\: This excludes C:\Windows\System32\ from scanning.
- %WINDIR%\Syswow64\: This excludes C:\Windows\Syswow64\ from scanning.
- %windir%\Temp\%: This excludes C:\Windows\Temp\ from scanning.
The table below shows the variables and examples of the locations they correspond to on each operating system.
Variable |
Windows 7 or later, Windows Server 2008 or later |
---|---|
%allusersprofile%\ |
C:\ProgramData\ Be careful if you use this variable to set up exclusions as it reduces your protection. |
%appdata%\ |
C:\Users\*\AppData\Roaming\ Be careful if you use this variable to set up exclusions as it reduces your protection. |
%commonprogramfiles%\ |
C:\Program Files\Common Files\ |
%commonprogramfiles(x86)%\ |
C:\Program Files (x86)\Common Files\ |
%localappdata%\ |
C:\Users\*\AppData\Local\ |
%programdata%\ |
C:\ProgramData\ Be careful if you use this variable to set up exclusions as it reduces your protection. |
%programfiles%\ |
C:\Program Files\ |
%programfiles(x86)%\ |
C:\Program Files (x86)\ |
%systemroot%\ |
C:\Windows\ |
%temp%\ or %tmp%\ |
C:\Users\*\AppData\Local\Temp\ Be careful if you use this variable to set up exclusions as it reduces your protection. |
%userprofile%\ |
C:\Users\*\ |
%windir%\ |
C:\Windows\ Be careful if you use this variable to set up exclusions as it reduces your protection. |