Hi,

When creating folder exclusions for a SCEP policy, is it OK to use system variable locations such as %localappdata%?

From our testing we seem to get mixed results. The info from Microsoft seems a little mixed too - there are such locations used in the example policies provided for import, but the TechNet page on the subject makes no mention of them.

Also does adding a folder location automatically exclude all folders under it? e.g. Would 'C:\Test' also exclude C:\Test\01 and C:\Test\02 etc.?

Yes sub directory's are included and yes to environment variables.

https://support.microsoft.com/en-us/kb/2962341

Don't forget all the available SCEP templates that can be imported, they come in handy 

• Edited by Richard.Knight 20 hours 38 minutes ago
• Proposed as answer by Jason SandysMVP 18 hours 26 minutes ago

When creating folder exclusions for a SCEP policy, is it OK to use system variable locations such as %localappdata%?  - It's up to you. I would recommend not to block SCEP from scanning  localappdata location.

Also does adding a folder location automatically exclude all folders under it? e.g. Would 'C:\Test' also exclude C:\Test\01 and C:\Test\02 etc.? - You can exclude folder, subfolder and files in the subfolders. In this case you could use the wildcard characters, be careful here as it will not scan anything under the folder once you use wildcard characters. Supported usage of wildcard characters are mentioned here - https://support.microsoft.com/en-us/kb/2962341

Check the below link, it's very useful.

http://blogs.technet.com/b/systemcenterpfe/archive/2012/11/29/system-center-2012-configuration-manager-antivirus-exclusions.as

It seems that some system variables work and others don't.

Even the ones suggested in some of the provided policy examples don't work. e.g. %exchangeinstallpath% does not work.