Use wildcards in script control exclusions
With agent 1490 and later, you can use “*” as a wildcard in a script control exclusion. The wildcard can exclude a folder or a script.
Using script control exclusions with wildcards should reduce the number of alerts displayed in your console. By allowing the exclusion of full or partial script names, you do not need to exclude an entire folder. By allowing the exclusion of partial script names, you can exclude a portion of the script name that is common for a group of scripts you want to exclude.
While using wildcards provides flexibility in allowing exclusions, it can also lower your security stance if the exclusion is too broad. For example, excluding the entire \Windows\Temp folder is not recommended. However, if a program or file you trust puts a script in the \Windows\Temp folder and CylancePROTECT Desktop blocks it, you can use a wildcard as part of the file name to exclude that script.
Things to know about wildcard support
Wildcard exclusions must use Unix-style slashes for
Wildcard exclusions use regular expressions (regex).
Supported wildcard characters
The only token supported for wildcards is *.
Wildcard exclusions give you the flexibility to exclusively allow the script or macro file, as long as there is a * at any given path per examples below. Note that this does not apply to Access databases.
Folder exclusions with a wildcard must have a wildcard at the end of the path to differentiate between a folder and a file.
File exclusions with a wildcard must have a file extension to differentiate between a file and a folder.
Process exclusions with a wildcard must have a file extension to differentiate between a file and a folder.
Add the name of the process regardless of the directory
Add a process from a directory
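The following added example (not part of the product documentation or the vendor's code) lints candidate wildcard exclusions against the rules listed under "Things to know about wildcard support" before they are entered in the console. The finding codes, the sample paths, and the choice to flag "?" as an unsupported token are assumptions made for illustration; the only overly broad folder it knows is the one this page names.

```python
import re

# Folder this page names as too broad to exclude whole (\Windows\Temp).
BROAD_FOLDERS = ("/windows/temp",)

def lint_exclusion(path):
    """Return finding codes for one wildcard exclusion string."""
    findings = []
    if "*" not in path:
        return findings  # not a wildcard exclusion, these rules do not apply
    if "\\" in path:
        findings.append("backslash")  # rule: Unix-style slashes only
    if "?" in path:
        findings.append("unsupported-token")  # rule: * is the only wildcard
    norm = path.replace("\\", "/").lower()
    last_segment = norm.rsplit("/", 1)[-1]
    # Folder rule: a folder exclusion ends with a wildcard.
    is_folder = norm.endswith("*")
    # File rule: a file exclusion ends with a file extension.
    is_file = re.search(r"\.[a-z0-9]+$", last_segment) is not None
    if not (is_folder or is_file):
        findings.append("ambiguous")  # neither trailing * nor an extension
    if is_folder and norm.rstrip("*/").endswith(BROAD_FOLDERS):
        findings.append("too-broad")  # excludes the entire folder
    return findings

# Constructed sample exclusions, not taken from the product documentation.
SAMPLES = [
    "/windows/temp/*",
    "/windows/temp/trusted_installer_*.ps1",
    "\\windows\\temp\\*.vbs",
    "/users/*/scripts/deploy",
    "/scripts/*/job?.ps1",
]

def audit(paths):
    """Map each flagged exclusion to its findings; clean entries are omitted."""
    return {p: f for p in paths if (f := lint_exclusion(p))}

if __name__ == "__main__":
    for path, findings in audit(SAMPLES).items():
        print(f"{path}: {', '.join(findings)}")
```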
Full and partial exclusions
Wildcards support full and partial exclusions.
If you can identify a common relative path, you can exclude Universal Naming Convention (UNC) paths with a wildcard.
Network paths can also be excluded: