
How to exclude folders and subfolders in the F-Secure Policy Manager Console?

Patte
Patte Posts: 6 Security Scout
Hello,

I have just found a manual from F-Secure Anti Virus for Workstation, but none on the F-Secure Policy Manager Console.

1. How can I exclude folders and subfolders in the F-Secure Policy Manager Console?
2. If I exclude a folder, will all subfolders and files in this folder be excluded too?

Best regards,
Patte

Comments

  • Ben
    Ben Posts: 664 Cybercrime Crusader

     Hello Patte,

     

    You should be able to set object exclusions in the Policy Manager console in advanced mode, in the Policy tab under

    F-Secure Anti-Virus>>Settings>>Settings for Real-Time Protection>>Scanning Options>>File Scanning>>Inclusions and Exclusions.

     

    First enable the option and then fill in the "Excluded Object" table as wanted.

     

    The following article might be useful to you for the formatting of your exclusions

     http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

     

  • Patrick_C
    Patrick_C Posts: 4 Security Scout

    I'm also having the same issue. I tried everything but it's not working. I have a file that is still getting blocked (named "convJPEG.exe") and it's not a virus, it's a process in our business software. I also have tried everything described here:

     

    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    But it doesn't work. The file is still blocked each time I release it. Strangely, everything was working fine before last weekend...

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hello Patrick_C,

    In your case I would advise you to exclude the process in the Policy Manager
    F-Secure Anti-Virus>>Settings>>Settings for Real-Time Protection>>Scanning Options>>File Scanning>>Inclusions and Exclusions.

    First enable the option and then fill in the "Excluded Processes" table as wanted.

    You might also want to submit the application as false-positive to our lab in order to have it added to the whitelist.

  • Patrick_C
    Patrick_C Posts: 4 Security Scout

    Hello Ben,

     

    Thanks for your quick answer. But like I said in my request, this step has already been done and it's not working. I'm still having a file blocked by F-Secure. This file (convjpeg.exe) has been present and used for years here and since last weekend, it's been blocked by F-Secure. That's why I want to exclude it from real-time scanning, but it doesn't work.

    If I set up this exclusion directly in an F-Secure workstation, it's working. It's only in F-Secure Policy Manager Console that it doesn't work. And I can't go through all my 50 computers to set this up... :(

     

    Thanks!

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Hello Patrick_C,

     

    Can you check that your clients/workstations are indeed receiving the policy containing the exclusions?

    You can go in the User Interface on one client, in the settings and under Other settings>>Central management>>Policy information.

    Or in the Policy Manager under the Status tab in anti-virus mode.

     

    Also when you are saving the exclusion table, could you try forcing the table?

     

    As mentioned earlier, contacting our support so that they can take a better look at the issue might be necessary.

     

    Thank you

  • Patrick_C
    Patrick_C Posts: 4 Security Scout

    Hello Ben,

     

    I have checked what you asked me and it's correctly set up. I tried to force the table, but it's still the same thing. I will follow your request and contact your technical support to fix this.

     

    Thanks again for your help! :)

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    May I just add that F-Secure does recommend NOT to use any exclusions at all! If you face a problem (performance or false positive) you should always report these to support ASAP so that the cause can be fixed.

    If an exclusion is needed, then it should be temporary and removed ASAP again.

    Neither Microsoft nor Citrix (both often quoted) recommend adding permanent exclusions!

     

    HTH

    Matthias

  • Patrick_C
    Patrick_C Posts: 4 Security Scout

    Hi Matthias,

     

    That's exactly what I did yesterday. I sent my file to F-Secure for analysis and the file result was OK. It's supposed to be corrected in a next update. I just hope it won't take too long because I'm still having issues with it even if I have configured exclusions... :(

     

    Thanks!

     

     

    Patrick.

  • Jayson
    Jayson Posts: 106 Firewall Master

    Hi Patrick,

    I just wanted to make sure that your issue has been fixed since the release of the update. Please feel free to contact us again and update the post with your query if you have further questions or issues.

    Thanks.


    Best Regards,
    Jayson

  • Sarshar
    Sarshar Posts: 8 Security Scout

    I'm having the same issue,

     

    I had this problem on PMS/PMC 11.20, 11.21 and 11.22, which was released lately, on both CS 11.50 and 11.60.

    It's not about policy distribution, as the excluded object, which is a file name like "keygen.exe", is found in policy.bpf on the client side. (No need to mention that this type of exclusion by PMC is not shown in the CS GUI settings.)

     

    These syntaxes have been tried:

     

    {
    {15:*\\*keygen.exe*}
    }
    {
    {12:*keygen.exe*}
    }
    {
    {10:\\*keygen*}
    }
    {
    {14:\\*keygen.exe*}
    }
    {
    {10:keygen.exe}
    }

    The file location can't be defined exactly, as every user would download it from the server to an arbitrary location on the hard drive; that's why I can't use a specific location syntax.

    By the way, I even excluded the filename in process exclusion and of course enabled the feature in advanced mode.

     

    I sent email to request support and still no solution.

     

    Can anyone help me, I really need to handle exclusion for our customers.

     

    Regards

     

     

    EDIT: REMOVED PERSONAL INFO

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Sarshar,

     

    Could you please provide your support request ID? We'll probably need fsdiag and Scanning Platform debug logs collected on the affected host to identify the issue.

    Also, please try:

    *keygen.exe

     

    Best regards,

    Vad

  • Sarshar
    Sarshar Posts: 8 Security Scout

    Thanks for reply

     

    I tried *keygen.exe, no success.

     

    I sent serial emails to Mr. Knut Vatnetstrom and received some, but no support IDs.

     

    I thought maybe some users found a solution.

     

    Regards,

    XXXXXXXXXXXXXXX@XXX.com

     

    EDIT:REMOVED PERSONAL INFO

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Please request the support ticket number from your contact, or proceed to open a support ticket here if none has yet been created.

     

    For privacy reasons, please avoid signing your posts using your email address.

  • Sarshar
    Sarshar Posts: 8 Security Scout

    Got this error :

     

    The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator.

     

    Couldn't register a support ticket

  • chonch
    chonch Posts: 9 Cyber Knight

    Hello Sarshar ,

     

    We have tried, and managed to open a support ticket successfully using the web form given by Ben earlier.

     

    Please give that a try again and let us know how it goes.


    Thank you.

     

    Regards,

    CheeHow

  • Sarshar
    Sarshar Posts: 8 Security Scout

    Thanks, I tried Kudos which doesn't work :)

  • Sarshar
    Sarshar Posts: 8 Security Scout

    I'm still waiting for solution.
    My ticket number is :
    SR ID: 1-XXXXXXXXX
    Created: 2014-09-04 04:29:25 PM
    Subject: [SR ID:1-XXXXXXXXXX] Re:Filename exclusion in PMC

     

     

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    Did you review the information sent by the support agent on the 5th?

     

    In order to speed up the resolution, please send an fsdiag in your support ticket so that we can review the implementation of the current exclusions. 

     

     

  • Sarshar
    Sarshar Posts: 8 Security Scout

    The syntax trick didn't work, if that's what you mean.

    Anything else?

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Sarshar,

     

    Yes, we are waiting for fsdiag collected on one of your affected hosts.

     

    Best regards,

    Vad

  • Sarshar
    Sarshar Posts: 8 Security Scout

    It's weird: today I tried to regenerate fsdiag to send to F-Secure, but I wanted to check policies once again before fsdiag generation. Suddenly I saw excluded objects in the FSCS GUI! Now exclusion is working on my machine!

    DeepGuard stopped the app, but I added the SHA1 hash, which worked fine, and now everything is OK.

    I will check with the customer to see if they still have the problem or not.

    Did you release any product update about it? Hot fixes or patches?

    How come the issue is gone without any changes?!

    Anyhow, many thanks for your support. I will be testing on the other policy domains as well.

     

    Regards

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    No, we didn't release any updates, fixes or patches. Probably, previously your host didn't receive the policies with exclusions from PM. And today it finally got them.

     

    Best regards,

    Vad

  • Sarshar
    Sarshar Posts: 8 Security Scout
    Dear Vad, previously policies were received, as they could be found in policy.pbf, but they weren't shown in Client Security exclusion objects. There should be a problem with the CS and policy.pbf relation, not the PM -> CS relation.
This discussion has been closed.
