Carbon Black Cloud: How to work with wildcards in path based policies

Article ID: 288084

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

This article explains how wildcards and case sensitivity work in a policy's path-based exclusions.

Environment

  • Carbon Black Cloud: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

Single asterisk ( * )
  • Matches 0 or more consecutive characters within a single subdirectory level.
  • It is a wildcard for that directory only; it is non-recursive.
Example:
C:\program files*\custom application\*.exe
This example will affect any executable files in:
C:\program files\custom application\
or
C:\program files (x86)\custom application\

Double asterisks ( ** )
  • Matches a partial path across all subdirectory levels.
  • Is recursive.
Example:
C:\Python27\Lib\site-packages\**
This example will affect any files in that directory and all of its subdirectories:
C:\Python27\Lib\site-packages\
or
C:\Python27\Lib\site-packages\subdirectory one\
or
C:\Python27\Lib\site-packages\subdirectory one\subdirectory two\
or
C:\Python27\Lib\site-packages\subdirectory one\subdirectory two\subdirectory three\

Leading wildcards for Windows drives
To specify an application that runs from any drive (C:\ or D:\ or F:\), use a question mark ( ? ) in place of the drive letter:
?:\My App\test.exe

 

Additional Information

Paths for Windows directories are not case-sensitive.
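
An added example (not Carbon Black's matcher and not code from this article) that models the rules above as a small Python checker, so the reach of an exclusion can be tested against sample paths before it is deployed. It assumes ? stands for exactly one character and that a pattern must cover the whole path; the function names and sample paths are constructed for illustration.

```python
import re

def pattern_to_regex(pattern):
    """Translate an exclusion path pattern into a compiled regex."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")         # ** crosses subdirectory levels (recursive)
            i += 2
        elif pattern[i] == "*":
            parts.append(r"[^\\]*")    # * stops at the next backslash (one level)
            i += 1
        elif pattern[i] == "?":
            parts.append(r"[^\\]")     # assumption: ? stands for exactly one character
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    # Windows paths are matched without regard to case.
    return re.compile("".join(parts), re.IGNORECASE)

def matches(pattern, path):
    """True when the whole path is covered by the pattern."""
    return pattern_to_regex(pattern).fullmatch(path) is not None

def coverage(patterns, paths):
    """Map each pattern to the sample paths it would cover."""
    return {p: [x for x in paths if matches(p, x)] for p in patterns}

# Constructed sample paths, not taken from any real endpoint.
SAMPLE_PATHS = [
    r"C:\Program Files (x86)\Custom Application\app.exe",
    r"C:\Program Files\Custom Application\plugins\helper.exe",
    r"c:\python27\lib\site-packages\subdirectory one\subdirectory two\mod.py",
    r"D:\my app\TEST.EXE",
]
PATTERNS = [
    r"C:\program files*\custom application\*.exe",
    r"C:\Python27\Lib\site-packages\**",
    r"?:\My App\test.exe",
]

if __name__ == "__main__":
    for pattern, hits in coverage(PATTERNS, SAMPLE_PATHS).items():
        print(pattern)
        for hit in hits:
            print("    covers:", hit)
```

The second sample path is not covered by the first pattern because a single asterisk does not descend into the plugins subdirectory; replacing it with a double asterisk would widen the exclusion to every level below that folder.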