The Endpoint Agent applies the filters in the following order:
Example 1: Consider that the Agents are configured with the following configuration:
Ignore Files in Path *\application data*
Include Files in Path *\agenttest*
Case A: User copies a file to c:\documents and settings\application data\microsoft folder, the file will match the “Ignore files in Path” filter but not the “Include files in Path” filter and hence the file will be ignored.
Case B: User copies a file to c:\agenttest folder. The file will be monitored.
Case C: User copies a file to c:\my documents folder. The file will not be monitored.
Example 2: Consider that the Agents are configured with the following configuration:
Ignore Files in Path *\application data*
Include Files in Path *\agenttest*
Ignore file types .tmp;.txt
Include file types .doc;.xls;*.ppt
Case A: The user renames a readme.doc file to readme.tmp and drops it under c:\agenttest\ folder drops. The file will match “Include files in Path” filter, it will then match the *.tmp Ignore file types filter, so the file should actually be ignored, however, since the file signature of readme.tmp will match the signature of *.doc files, the file will eventually be monitored.
Case B: User copies a readme.txt file to c:\agenttest folder. The will not be monitored.
Case C: User copies expense_report.xls file to c:\agenttest folder. The file will be monitored.
Case D: User copies presentation.ppt file to c:\my documents folder. The file will not be monitored.
A new feature has been added in Vontu 7.1 whereby a user can specify an exception to Ignore Files in path rule, for example, Consider that the Agents are configured with the following configuration:
Ignore Files in Path *\application data*
Include Files in Path *\application data\microsoft*
Case A: User copies a file to c:\documents and settings\application data\microsoft folder, the file will match the *Ignore files in Path" filter and also the *Include files in Path" filter and hence the file will be monitored.
Case B: User copies a file to c:\application data folder. The file will not be monitored.
In Vontu 7.0, if a user configures the agent with the above configuration, it would result in files under c:\application data\microsoft, as ignored.
Note: If a filter configuration is empty or left blank then that filter is not applied. File Size filters are applied at the end as the actual size for newer files are not known until the file is closed.
Supported wildcards are * and ?.