To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Excluded objects - variables and F-SECURE\COMMON\ALERTS\ scan errors

Options
alsimmo
alsimmo W/ Alumni Posts: 36 Security Scout

Hi,

 

As per subject line, I have several questions.  I'm sure I already know the answers but seeking confirmation on this.

 

The first is are wild card values ok to add in PM as excluded objects i.e. %APPDATA% or %ALLUSERSPROFILE%? 

 

Is the use of wild card exceptible such as C:\Program Files (x86)\Common Files\*.tmp for example?  In addition, if I exclude a folder is it represented as C:\Program Files (x86)\Common Files or C:\Program Files (x86)\Common Files\* or something else? 

 

Lastly, I frequently have scanning errors on a number of servers - 'An error occurred while scanning \DEVICE\HARDDISKVOLUME12\PROGRAM FILES (X86)\F-SECURE\COMMON\ALERTS\A555.TMP'.  Should this folder be excluded from real-time scanning too?

 

Thanks in advance for your time.

 

Regards,

 

Al

Comments

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader
    Options

    Hello Alsimmo,

     

    Concerning your questions about wild cards, you should find answers in the following KB.

    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    For the scanning errors, our support might need to take a look at the logs on the machine to figure out what is going on.

    Please kindly proceed to open a support ticket and provide a fsdiag at the same time.

     

     

    Thank you

  • Dmitriy
    Dmitriy W/ Alumni Posts: 179 Threat Terminator
    Options

    Hi,

     

    Regarding scanning errors you see with TMP files under PROGRAM FILES (X86)\F-SECURE\COMMON\ALERTS, this problem should be fixed in new versions of Client and Server Security products that will be released before the end of this year. Nevertheless, you can open a support ticket and request a hotfix if the problem is critical for you.

     

  • alsimmo
    alsimmo W/ Alumni Posts: 36 Security Scout
    Options

    Hi Dmitriy and Ben,

     

    Thanks for your reply.

     

    What is the best way to define generic exclusions where HARDDISKVOLUMES may be different for real-time scanning?  Also, is there a way to find out what drives are defined as DEVICE\HARDDISKVOLUME1 or \DEVICE\HARDDISKVOLUME2\? 

     

    I'm also thinking how I would exclude, say e:\reporting, if the HARDDISKVOLUME is the same as the c:\ drive?  I know the chances are small but has does this work?

     

    Thanks,


    Al

  • Dmitriy
    Dmitriy W/ Alumni Posts: 179 Threat Terminator
    Options

    Hi,

     

    You can use wildcards (* or ?) when making exclusions with device names (i.e. DEVICE\HARDDISKVOLUME*). Please check the following posts for more details:

     

    http://community.f-secure.com/t5/End-point/Exclusion-of-directories-using/m-p/5545
    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    Hope this helps.

     

This discussion has been closed.