App Control: How to Use Wildcards in Custom Rules
search cancel

App Control: How to Use Wildcards in Custom Rules

book

Article ID: 286791

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This article provides wildcard usage within Custom Rules.

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

App Control recognizes the following wildcard characters:
  • Multiple Characters: *
    Example: C:\ProgramData\AccountingSoftware\*.dll
  • Single Character: ?
    Example: C:\ProgramData\AccountingSoftware\version??.??\*.dll
  • Ending a Path: Ending a path with a backslash will be recursive through all files, folders, and subfolders. The two paths in the example below would be identical
    Example One: C:\ProgramData\AccountingSoftware\
    Example Two: C:\ProgramData\AccountingSoftware\*
  • Specifying a Directory: App Control will treat any path that does not end with a backslash as a file name.
    Valid Directory: C:\ProgramData\AccountingSoftware\
    Not a Valid Directory: C:\ProgramData\AccountingSoftware
  • Using With Macros: Wildcards are not allowed in a Macro Condition, but can be used in a Macro Value.
    Macro Structure: <OnlyIf:Condition:Value>
    Example: <OnlyIf:Hostname:*FileServer0?>*\temp\*.txt

Additional Information

  • System Variables (%username%) are not recognized by App Control.
  • The asterisk will be recursive through all directories and subdirectories.
  • Any path that has no slash or drive letter has "*\" (for Windows) or "*/" (for Mac and Linux) added at the beginning of the path.
  • Case Sensitivity of paths is dictated by the Operating System. Windows and macOS systems are not normally case sensitive.
  • More information can be found in the User Guide chapter, "Custom Software Rules" found on VMware Docs > Server Documentation > User Guide.