Forum Discussion
Wildcard syntax at process exclusion list is not effective
Hi,
We have a problem with an executable which is establishing a UDP connection to another machine.
The exe can be started, but Defender blocks the connection.
Disabling Defender results in a successful connection.
Adding the process to the process exclusion list is also effective.
BUT!
Using the wildcard syntax as described at
https://learn.microsoft.com/en-us/defender-endpoint/configure-exclusions-microsoft-defender-antivirus
doesn't work at all.
No wildcard syntax we tried was effective.
We tried:
*
*.exe
c:\*
c:\*.exe
c:\*\myprocess.exe
c:\mydir\*
The only two syntax versions which were effective are:
c:\myDir\myprocess.exe
or
myprocess.exe
So the documentation seems to be wrong or incomplete.
What is the correct usage of this wildcard notation?
- MatejKlemencic (Brass Contributor)
Hi LeachimX
To exclude a process using wildcards, you must include the full path of the process. Check this article > https://learn.microsoft.com/en-us/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus#use-wildcards-in-the-process-exclusion-list
If the process is located at c:\myDir\myprocess.exe then c:\*\myprocess.exe should work. Keep in mind that if multiple folders are used then you need to use * (asterisk) for each folder. Example: C:\myDir1\myDir2\myprocess.exe > C:\*\*\myprocess.exe
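A way to see which shape each process exclusion entry has, following the answer above that a wildcard entry must carry the full path. This is an added example, not part of the original post: the function name Get-ProcessExclusionShape and the drive-letter/UNC test for "full path" are assumptions of the example, and the sample entries are the ones quoted in the thread.

```powershell
# Added example (not from the thread): describe the shape of each process exclusion entry.
function Get-ProcessExclusionShape {
    param([Parameter(Mandatory)][string]$Entry)

    $hasWildcard = $Entry.Contains('*')
    # Assumption of this example: a full path starts with a drive letter or a UNC prefix.
    $isFullPath  = $Entry -match '^(?:[A-Za-z]:\\|\\\\)'
    # Last path segment, i.e. the part that should name the executable.
    $leaf        = ($Entry -split '\\')[-1]

    if ($hasWildcard -and -not $isFullPath) { $shape = 'wildcard, no full path' }
    elseif ($hasWildcard) { $shape = 'wildcard, full path' }
    elseif ($isFullPath)  { $shape = 'full path' }
    else                  { $shape = 'image name only' }

    [pscustomobject]@{
        Entry            = $Entry
        Shape            = $shape
        # True when the wildcard sits in the file-name segment, so the entry
        # does not pin one specific executable.
        LeafIsWildcarded = $leaf.Contains('*')
    }
}

# Constructed sample: the entries quoted in the thread.
$entries = @('*', '*.exe', 'c:\*', 'c:\*.exe', 'c:\*\myprocess.exe', 'c:\mydir\*',
             'c:\myDir\myprocess.exe', 'myprocess.exe')

# On a Windows device with the Defender module, read the configured list instead
# (run from an elevated session so the values are visible).
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $configured = @((Get-MpPreference).ExclusionProcess) | Where-Object { $_ }
    if ($configured) { $entries = $configured }
}

$entries | ForEach-Object { Get-ProcessExclusionShape -Entry $_ } | Format-Table -AutoSize
```

Entries reported with LeafIsWildcarded set to True deserve a second look before deployment, since they are not tied to a single executable name.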
- zdarsky (Copper Contributor)
I am not sure if you have read my post.
I already provided the link you have just reposted.
And as mentioned, no, the syntax is not working, and I already gave an example for this.
Regards
Michael
- MatejKlemencic (Brass Contributor)
Hi zdarsky
I did read your post thoroughly. However, the link you provided doesn't point to the same article as mine.
The examples you provided were mostly incorrect. Could you clarify why you want to use a wildcard? Specifically, do you need it for the process name or the folder? This detail might help. Additionally, it would be helpful to know if you are configuring the exclusion directly on a device or through GPO, Intune, SCCM, etc.