To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

How to exclude a program in Deepguard?

Jaro W/ Alumni Posts: 21 Security Scout


We use Policymanager 10 and CS 9.x versions


F-secure ClientSecurity 9.x Deepguard is suddenly dectecting Dameware as dangerous application. How can I exclude Dameware from Deepguard scanning? I still want Deepguard to be enable.


  • Jouni
    Jouni W/ Alumni Posts: 30 Threat Terminator

    Hi Jaro,

    As you are using Policy Manager, you can add the executable file's SHA-1 hash as trusted on Policy Manager's DeepGuard Applications -table.

    This table can be found from Policy Manager Console in advanced mode:
    F-Secure DeepGuard -> Settings -> Applications

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    Please also submit the file to


    After the FA has been fixed you may remove the exclusion again.



  • Jaro
    Jaro W/ Alumni Posts: 21 Security Scout

    I have done that a few years ago, but now it does not seem to work. Can I use the hash that is shown in the alert? This is just an example for aboapaivitys.exe :

    Application was blocked. This was determined to be a high-risk application by system control heuristics.

    Application path: \\?\c:\aboa\aboapaivitys.exe File hash: 91d3a2b45db6931a4e603dde11ef5484837ce475

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    YES, use that hash!


    But I think that DG also obeys the realtime sacnning excludes! at least with FSCS9.31...



  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    The problem with use of CRC/SHA-1/MD-5 checksum for exclusion is that IBM-compatible PC is a "von Neumann" type platform, therefore self-modifying executable code is perfectly legal. One cannot legitimately expect that only malware will use self-modify code, thus checksum start to change and become unusable.


    The best thing is to have the executable receive a digital signage from the software vendor and F-Secure virus lab will grant a generic exclusion for that crypto signature, if the vendor is truly reputable. (But maybe this reputation method may not work now, thanks to guys who wrote Stuxnet/Duqu?)

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    signing software requires that the file that is signed does NOT change!

This discussion has been closed.