When configuring TDR exclusions, can I use variables like %USERNAME% or %PROGRAMFILES%?

John_NortonJohn_Norton WatchGuard Representative
in TDR - General Questions

I need to create similar exclusions for several users, but I don't want to type in every possible user name. Can I use variables in exclusions?

Best Answer

  • John_NortonJohn_Norton WatchGuard Representative
    Answer ✓

    Environment variables will often produce unexpected results when used in exclusions. This is because the exclusion is loaded at host sensor startup and reloaded when a change is made to the exclusion list, but environment variables can change or be reset when a new user logs on to the system or makes a manual change to a variable.

    For this reason, it is recommended to avoid using variables, and instead use wildcard expansion with an asterisk. For example, if you need to exclude “C:\Users\%USERNAME%\AppData\Local\Temp\MyProgram”, replace %USERNAME% with “*”: “C:\Users*\AppData\Local\Temp\MyProgram”

Sign In to comment.