Wildcards in script control exclusions
You can use the asterisk (*) as a wildcard when specifying exclusions in the
Using wildcards in script control exclusions reduces the number of alerts displayed in your console while allowing users to run certain scripts that match the exclusion path and filename. For example, you can exclude a specific script by using its full name, or you can use the wildcard to match a group of scripts that share a similar name.
Although wildcards in exclusions provide flexibility, they can also weaken your security posture if your exclusions are too broad. For example, avoid excluding entire folders such as /windows/temp. Instead, use a wildcard while specifying the full or partial filename of the script that you want to exclude (for example,
The following table describes the rules of script control exclusions:
Supported wildcard characters
Only the asterisk (*) is supported as a wildcard for script control exclusions.
The wildcard represents one or more characters.
If you are using wildcards, exclusions must use Unix-style slashes (even for
When you want to exclude a folder, the exclusion must have a wildcard at the end of the path to distinguish the exclusion as a folder (and not a file).
When you want to exclude a file, the exclusion must end with a file extension to distinguish the exclusion as a file (and not a folder). For example:
For each folder level, you can use one wildcard only.
Each wildcard represents one folder level only. The number of folder levels represented in the exclusion must match the level of the file that you are trying to exclude.
Process exclusions with a wildcard must have a file extension to distinguish them as process exclusions (and not folders).
To specify a process regardless of the directory that it's in, refer to the following examples:
To specify a process that's in a specific directory, refer to the following examples:
Examples of full and partial matches in exclusions
Wildcards support full and partial exclusions.
Absolute paths are not supported in script control exclusions.
If you can identify a common relative path, you can exclude Universal Naming Convention (UNC) paths with a wildcard. For example, if you use device names in a path such as "DC01" to "DC24":
Network paths can be excluded. For example:
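The syntax rules in the table above can be checked mechanically before an exclusion is saved. The following Python linter is an added example, not part of the product or its documentation; the function name `lint_exclusion` is hypothetical, the sample paths are constructed, and it assumes that "absolute path" means a drive-letter prefix and that a file extension is a dot followed by letters or digits.

```python
import re

# Added illustration: checks an exclusion string against the rules stated in
# the table above. It is not the product's own parser or matcher.
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")   # assumption: "absolute" = drive-letter path
FILE_EXT = re.compile(r"\.[A-Za-z0-9]+$")  # assumption: extension = dot + alphanumerics


def lint_exclusion(pattern):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if DRIVE_PREFIX.match(pattern):
        findings.append("absolute paths are not supported")
    if "?" in pattern:
        findings.append("only the asterisk (*) is supported as a wildcard")
    if "*" not in pattern:
        return findings  # the remaining rules apply to wildcard exclusions only
    if "\\" in pattern:
        findings.append("use Unix-style slashes (/) when the exclusion has a wildcard")
    # Split on either slash style so one bad pattern reports all of its problems.
    levels = [part for part in re.split(r"[\\/]", pattern) if part]
    for level in levels:
        if level.count("*") > 1:
            findings.append(f"more than one wildcard in folder level '{level}'")
    last = levels[-1]
    if not last.endswith("*") and not FILE_EXT.search(last):
        findings.append("must end with a wildcard (folder) or a file extension (file)")
    if last == "*":
        # Valid syntax, but the page advises against excluding entire folders.
        findings.append("warning: excludes a whole folder; prefer a full or partial filename")
    return findings


if __name__ == "__main__":
    # Constructed sample exclusions, not taken from the product documentation.
    samples = [
        "/scripts/deploy*.ps1",
        "/windows/temp/*",
        "\\scripts\\*.vbs",
        "/scripts/*build*.ps1",
        "C:/scripts/*.ps1",
        "/scripts/*/tools",
    ]
    for sample in samples:
        print(sample, "->", lint_exclusion(sample) or "ok")
```
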