Specify scanning exclusions

Standard naming conventions

Sophos Anti-Virus validates the paths and file names of scanning exclusion items against standard Windows naming conventions. For example, a folder name may contain spaces but may not contain only spaces.

Warning Scanning exclusions may significantly reduce your protection. Only use them if you understand the risks.

Be careful when you set up scanning exclusions as you can increase the risk to your systems and reduce your protection. Make your scanning exclusions as specific as possible. It's risky to generalize the exclusion to cover more files and folders than you need to.

For example if you set up a scanning exclusion for C: this excludes all locations that begin with C: and all of your C drive. We recommend that you don't set up a scanning exclusion for any drive.

Check your current policies and scanning exclusions to make sure you aren't excluding any of the following locations from scanning.

  • C:\Windows\
  • C:\ProgramData\
  • C:\Users\<Username>\
  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\

We recommend that these locations aren't excluded from scanning as excluding them reduces your protection significantly.

Multiple file extensions

File names with multiple extensions are treated as if the last extension is the extension and the rest are part of the file name:

MySample.txt.doc = file name MySample.txt + extension .doc.

Excluding specific files, folders, processes, or drives

Exclusion type

Description

Examples

Comments

Specific file

Specify both the path and file name to exclude a specific file. The path can include a drive letter or network share name.

 C:\Documents\CV.doc

\\Server\Users\Documents\CV.doc

To make sure that exclusions are always applied correctly, add both the long and 8.3-compliant file and folder names:

C:\Program Files\Sophos\Sophos Anti-Virus

C:\Progra~1\Sophos\Sophos~1

For more information, see knowledgebase article 13045.

Specific process

Specify both the path and the file name to exclude a specific executable file (process).

C:\Windows\notepad.exe

You must specify the full path.

All files with the same name

Specify a file name without a path to exclude all files with that name wherever they are located in the file system.

spacer.gif

Specific folder

Specify a folder path including a drive letter or network share name to exclude everything in that folder and below.

D:\Tools\logs\

Include a trailing slash after the folder name.

All folders with the same name

Specify a folder path without a drive letter or network share name to exclude everything from that folder and below on any drive or network share.

\Tools\logs\

(excludes the following folders: C:\Tools\logs\, \\Server\Tools\logs\)

You must specify the entire path up to the drive letter or network share name. In this example, specifying \logs\ would not exclude any files.

Wildcards

You can use wildcards when you set up scanning exclusions. Make your wildcards as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.

You can use the wildcards shown in this table.

Token

Matches

Comments

* (Star)

Zero or more of any character except \ or /.

For example:

c:\*\*.txt excludes all files named *.txt in the top level folders on C:\.

You cannot use * to exclude a folder.

** (Star Star)

Zero or more of any characters including \ and /, when bracketed by \ or / characters or used at the start or end of an exclusion.

Any other use of ** is treated a single * and matches zero or more of any character except \ or /.

For example:

  • c:\foo\**\bar matches: c:\foo\bar, c:\foo\more\bar, c:\foo\even\more\bar
  • **\bar matches c:\foo\bar
  • c:\foo\** matches c:\foo\more\bar
  • c:\foo**bar matches c:\foomorebar but NOT c:\foo\more\bar

\ (Backslash)

Either \ or /.

Be careful if you use this wildcard to set up exclusions as it reduces your protection.

For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down.

We recommend that you don't use this wildcard by itself.

/ (Forward slash

Either / or \.

Be careful if you use this wildcard to set up exclusions as it reduces your protection.

For example, if you set up an exclusion using just this wildcard it excludes everything in every folder from the root of the drive down.

We recommend that you don't use this wildcard by itself.

? (Question mark)

One single character, unless at the end of a string where it can match zero characters.

. (Period)

A period OR the empty string at the end of a filename, if the pattern ends in a period and the filename does not have an extension.

Note that:

  • *.* matches all files
  • *. matches all files without an extension
  • "foo." matches "foo" and" "foo."

Examples

Here are some examples of the use of wildcards.

Expression

Interpreted as

Description

foo

**\foo

Exclude any file named foo (in any location).

foo\bar

**\foo\bar

Exclude any file named bar in a folder named foo (in any location).

*.txt

**\*.txt

Exclude all files named *txt (in any location).

C:\foo\

C:\foo\

All files and folders underneath C:\foo, including C:\foo itself.

C:\foo\*.txt

C:\foo\*.txt

All files contained in C:\foo named *.txt.

Variables for exclusions

You can use variables when you set up scanning exclusions. Make your variables as specific as possible. It's risky to generalize the exclusion to cover more files and folders that you need to.

Be careful if you use the following variables to set up exclusions as they decrease your protection.

  • %programdata%: This excludes C:\ProgramData\ from scanning.
  • %USERPROFILE%: This excludes C:\Users\**\ from scanning.
  • %temp%: This excludes C:\Users\**\AppData\Local\Temp\ from scanning.
  • %appdata%: This excludes C:\Users\**\AppData\Roaming\ from scanning.
  • %WINDIR%: This excludes C:\Windows\ from scanning.
  • %WINDIR%\System32\: This excludes C:\Windows\System32\ from scanning.
  • %WINDIR%\Syswow64\: This excludes C:\Windows\Syswow64\ from scanning.
  • %windir%\Temp\%: This excludes C:\Windows\Temp\ from scanning.

The table below shows the variables and examples of the locations they correspond to on each operating system.

Variable

Windows 7 or later, Windows Server 2008 or later

%allusersprofile%\

C:\ProgramData\

Be careful if you use this variable to set up exclusions as it reduces your protection.

%appdata%\

C:\Users\*\AppData\Roaming\

Be careful if you use this variable to set up exclusions as it reduces your protection.

%commonprogramfiles%\

C:\Program Files\Common Files\

%commonprogramfiles(x86)%\

C:\Program Files (x86)\Common Files\

%localappdata%\

C:\Users\*\AppData\Local\

%programdata%\

C:\ProgramData\

Be careful if you use this variable to set up exclusions as it reduces your protection.

%programfiles%\

C:\Program Files\

%programfiles(x86)%\

C:\Program Files (x86)\

%systemroot%\

C:\Windows\

%temp%\ or %tmp%\

C:\Users\*\AppData\Local\Temp\

Be careful if you use this variable to set up exclusions as it reduces your protection.

%userprofile%\

C:\Users\*\

%windir%\

C:\Windows\

Be careful if you use this variable to set up exclusions as it reduces your protection.