The impact of using the wildcards in the path for this rule is C. Any executable in the downloads directory for any user on the system will be bypassed for inspection. This is because the permission rule has the following options selected:
Application at path: C:\Users*\Downloads**
Operation Attempt: Performs any operation
Action: Bypass
The application at path field specifies the path of the executable file that the rule applies to. The * wildcard matches 0 or more consecutive characters up to a single subdirectory level. For example, C:\Users*\ matches any subdirectory under the Users directory, such as C:\Users\Lorie, C:\Users\John, or C:\Users\Alice. The ** wildcard matches a partial path across all subdirectory levels and is recursive. For example, \Downloads** matches any files in that directory and all subdirectories. Therefore, by using the wildcards in the application at path field, the permission rule covers any executable file in the downloads directory for any user on the system.
The operation attempt field specifies the type of operation that the executable file attempts to perform. The Performs any operation option means that the rule applies to any operation, such as creating a file, modifying a registry key, or executing a command.
The action field specifies the action that the VMware Carbon Black Cloud Endpoint Standard sensor takes when the rule is triggered. The Bypass option means that the sensor ignores the executable file and does not apply any blocking rules or log any events for it1.
Therefore, by using the wildcards in the path for this rule, the permission rule effectively bypasses any executable file in the downloads directory for any user on the system from the VMware Carbon Black Cloud Endpoint Standard sensor’s prevention and detection capabilities. References:
Prevention Policy Settings - VMware Docs, Permissions section, Action subsection.