The Application and Device Control (ADC) feature in Symantec Endpoint Protection (SEP) 11.0 and 12.1 can use Regular Expression (or "regex") syntax in rules to match file names and registry keys.
The regex syntax used in ADC differs in a number of ways from common regex, some features use a different syntax or are not supported, and certain ADC-specific special features such as importing registry and environment strings into the pattern are added. This article lists key differences versus the common regex syntax, and provides working examples.
In ADC the syntax for a capturing group is \(pattern\) instead of the common (pattern).
Un-escaped parenthesis brackets are treated as literals in ADC.
The ^ and $ beginning and end anchors are added automatically at the start and end of the pattern in ADC. When entered manually in the policy editor, they are treated as literal characters.
Since the beginning/end anchors are automatically added, the entered pattern must always match the entire path string.
The regex patterns are always case-insensitive in ADC.
To match a literal % in a filename, use %%