Is it possible to use regexp or wildcard when adding exception to detection rules?


when adding exceptions to detection rules, is it possible to use regular expressions or wildcards?

sometimes executable are started in directories created with random names, or have parameters with other variable parts, i.e. /home//some/path/to/file

Is it possible to for example match kind of:
or even only
/some/path/to/file ?

just want to ensure I don't accidentely miss what I'm looking for.


Exceptions do not allow wildcarding or regular expressions. Only extract string matching is supported.

thank you @ferullo
at least I didn't overlooked anything obvious.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.