How to Add Exclusions to Veeam Threat Hunter Scan

To exclude files or folders from Veeam Threat Hunter Scane, create the following registry value on the Veeam Backup Server:

Key Location: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\
Value Name: VTHScanExclusions
Value Type: Multi-String Value (REG_MULTI_SZ)
Value Data: (See notes below)

Value Data Notes:

• One exclusion string per line.
• Strings specify both file and folder names that will be excluded.
  
• Wildcards may be used before, within, or after the string.
  
• A wildcard can be anything within the path, so great care must be used when placing a wildcard in the middle of an exclusion string.
  Example: '\foo1*\foo2*\*' could be any number of folders deep (e.g., \foo113\folder\subfolder\foo212\ )
• A wildcard and a folder separator are automatically prepended to each exclusion entry.
  Example:  'Documents*' will be handled as '*\Documents*'
• Any included drive letter will be converted to a wildcard.
  Example: 'C:\Users\*\Documents*' will be handled as '*\Users\*\Documents*'
• The exclusion string must be at minimum three (3) characters long.

Examples

The exclusion function looks at the entire file path of each file and checks if anything in that path matches an exclusion entry. Think of the exclusion string as a simplified form of regex.

• '*.foo' would be handled as if it read '*\*.foo' and match any file path that ends in .foo because there is no wildcard after the value.
• 'foo*' would be handled as if read '*\foo*' and match any file path containing a folder or file name starting with "foo" and their subfolders.
• '\foo\*' would be handled as '*\foo\*' and match only folders that are named precisely "foo".
• '\foo1*\foo2*\*' would be handled as '*\foo1*\foo2*\*' and match only to contents of a folder beginning with 'foo2' that is contained within a folder path that has a parent folder whose name begins with 'foo1' (e.g. \foo113\folder\subfolder\foo212\ ).