Forum Discussion
Wildcard syntax at process exclusion list is not effective
MatejKlemencic
The link you provide was just a sub chapter of the general topic.
The examples I provide listed the paths we tried
containing exactly your example as an option we tried.
And also your example is not effective.
So again - the option c:\*\myprocess.exe is NOT working.
We are using the GUI from OS settings dialog to try.
The paths entered can than be seen in the registry
Also directly entering it in the registry. Nothing helps.
Initially we tried to enable a bunch of executables until we realized that the wildcard syntax is not effective. And the reason doesn't matter. The point is, the wildcard syntax is not working.
Then we switched to white listing the single executables.
Again: the only optios which were effect were:
c.\mydir\myprocess.exe
and
myprocess.exe
EVERY other wildcard syntax was NOT effectiv, regardless the different possibilities given in the microsoft documentation. So from our perspective the documentation is definitely wrong.
Regards
Michael
Did you try to add it as a ExclusionPath? I'm curious to see if it makes any difference.
PowerShell (as administrator):
Add-MpPreference -ExclusionPath c:\*\myprocess.exe
MatejKlemencic
Hi
I don't know what you are going to try.
The point is
when we don't add the correct exclusion for the process, the UDP connection is blocked.
So again
We are talking about blocked UDP connections, when exclusion is missing in processes
The executable is RUNNING.
The connection is blocked the exe is trying to establish.adding the process to the excusion list, and the connection can be established.
But yes, all necessary paths are already excluded from scanning.
RegardsMichael
