
Add multiple excluded processes

MikkoN
MikkoN Posts: 3 Security Scout

Hello. Does anybody know how to add multiple excluded processes to Email and Server Security through Policy Manager? Should they be on separate lines, or should I write them all on one line and add a semicolon (for example) between paths?

Can I use wildcards when adding excluded processes? For example, can I use c:\examplefolder\*.exe or should I use *\\harddiskvolume1\\ examplefolder\\*.exe syntax?

I have found an article that talks about excluding files and folders, but I cannot find information concerning process exclusion.

Also, if I exclude one process which then starts another process, will that process also be excluded or is it scanned?

Thanks in advance

Mikko

Comments

  • daempii
    daempii MyAccount Posts: 7 Security Scout

    Are you trying to create a certain sanction for your files or folders so it can be excluded for scanning? Is that what you are trying to do?

  • MikkoN
    MikkoN Posts: 3 Security Scout

    Well, let's say that I want to exclude some Citrix-related processes and the files that they handle from being scanned.

    - Mikko

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    While there is no reason to exclude anything in a TS/Citrix environment until you have a problem reported and need a temporary workaround, there is a procedure to exclude certain processes from scanning (like Backup). Please open a support request to get advice for your environment.

    The changes will be done in the registry, not via policy...

    HTH

  • MikkoN
    MikkoN Posts: 3 Security Scout

    Thanks for your response, Matthias. According to Citrix knowledge base articles, they recommend that certain Citrix-related files are excluded from virus scans because they are known to cause problems. I was wondering that maybe I don't have the knowledge or time to troubleshoot problems (if there will be any) but would rather follow the guidelines and just exclude some files from the scan. It's sometimes hard to pinpoint the root cause of the problem. Is it the Citrix process itself, a Microsoft problem, or maybe the virus scanner that is causing the headaches?

    Now I found that the new version of Email and Server Security 9.20 has added a process exclusion option to the feature list, too. So I was wondering that maybe that feature would be helpful. It allows me to move files on a hard drive without the need to create new exclusions in the files/folder list, because the F-Secure admin guide says that "files that excluded process's handle will be automatically excluded from scan".

    By the way, why should that process exclusion be done via the registry when there is a GUI where I can do that (in the local GUI and in PM)? Or have I understood the behavior and purpose of this new feature wrongly?

    - Mikko

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Read exactly:

    In case of problems they recommend to exclude...

    Here is a statement from F-Secure's lab:

    Here is the answer:

    No exclusions are required on Citrix server unless there are real issues with real-time scanning. In general, making folder or extension based exclusions is considered a bad practice nowadays. If real-time scanning really affects some Citrix specific services/applications, then it is recommended to make process-based exclusions—it is more efficient and more secure.

    Excluding an EXE from scanning means that THIS exe is no longer scanned when started. Excluding a process means that the files this process accesses are no longer scanned, which is helpful e.g. when doing a backup.

    But you are right, the GUI seems to allow these settings; still, it seems to be tricky to find the right processes. Filemon from Sysinternals might help...

This discussion has been closed.
