Allow wildcards in File Exclusions
To comply with Microsoft's recommended exclusions for domain controllers, wildcards within file exclusions are necessary and folder exclusion is not recommended. For example, excluding the SYSVOL folder on domain controllers would allow any malicious file copied into that folder to be automatically replicated to all domain controllers in the environment.
We do not install our SYSVOL folder to the default location, which requires us to make file exclusions. http://support.microsoft.com/kb/822158 has the recommended actions to take.
Because this feature does not exist in SEPM, we cannot meet the best practices recommended by MS for scanning domain controllers and hinder performance. To not affect performance, we have to exclude all of the SYSVOL directory...lowering the security posture of all our domain controllers in the environment...not a great limitation to have with our security endpoint software.
Is this enhancement scheduled for a later release?