
Excluding directory

chef
chef Posts: 3 Security Scout

Hi,

I am trying to exclude a directory but am having difficulty. I’m sure I am just missing something obvious. The client is Windows 8.1 running Client Security 11.61. It is continually logging this:

 

Malicious code found in file D:\Directory\Dropbox\.dropbox.cache\~caaddc6b.tmp.
Infection: Backdoor.Generic.746225
Action: The file was deleted.

 

In the policy manager in ‘Advanced Mode’, Policy tab, under F-Secure Antivirus 9.51, Settings, Settings for Real-Time Protection, File Scanning, Inclusions and Exclusions, Excluded Objects, I have the following:

 

*\\.dropbox.cache\\*
*\\HarddiskVolume*\\Directory\\Dropbox\\.dropbox.cache\\*

 

However, when I click on the Status tab I don’t see anything for excluded objects.  As far as I can tell the host has the latest policy.  I did a ‘fsmautil.exe poll’ on the hosts and got an OK reply.  I also verified on the policy manager (using Anti-virus mode view) and for ‘policy in use’ it says latest.

 

I have looked at the following but don't see what I might be doing wrong:

http://community.f-secure.com/t5/Business/Exclusion-of-directories-using/m-p/5545

http://community.f-secure.com/t5/Business/Using-wildcards-in-exclusions/ta-p/20428

 

Any help would be greatly appreciated.

 

Thanks,

Brad

Comments

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello chef,

     

    To make sure that your client has an exact setting in policy, you can use the polutil.exe tool from the F-Secure\common folder.

    For example, a full policies dump in the file policy.txt can be created using the following command:

    polutil.exe dump policy.txt

     

    If you still have a problem with exclusions, please contact support. We'll need support tool information collected from the affected host for further analysis.

     

    Best regards,

    Vad

  • chef
    chef Posts: 3 Security Scout

    Hi Vad,

     

    I can see this in the output of polutil.exe dump policy.txt

     

    "1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","0","*\\\\.dropbox.cache\\\\*"
    "1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","2","*\\\\HarddiskVolume*\\\\Directory\\\\Dropbox\\\\.dropbox.cache\\\\*"

     

    So it looks like it has the latest policy. Could the problem be that the files begin with a ~? I am trying to exclude the whole directory.
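
Added example (not part of the original thread and not F-Secure code): one way to check a `polutil.exe dump` file for the exclusion entries a host is expected to have. It assumes the six-column quoted layout and the OID seen in the two dump lines quoted above, and that the dump doubles each backslash; the function names and the third sample row are constructed.

```python
import csv
import io
import sys

# OID of the excluded-object rows, copied from the dump lines quoted in the post.
EXCLUDED_OBJECTS_OID = "1.3.6.1.4.1.2213.12.1.111.2.100.100.50"

# The two dump lines from the post plus one constructed, unrelated row.
SAMPLE_DUMP = r'''"1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","0","*\\\\.dropbox.cache\\\\*"
"1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","2","*\\\\HarddiskVolume*\\\\Directory\\\\Dropbox\\\\.dropbox.cache\\\\*"
"1.3.6.1.4.1.9999.1","base","row","no","0","constructed unrelated row"
'''


def excluded_objects(dump_text, oid=EXCLUDED_OBJECTS_OID):
    """Return {row id: pattern} for every dump row under the given OID."""
    entries = {}
    for row in csv.reader(io.StringIO(dump_text)):
        if len(row) < 6 or row[0] != oid:
            continue
        # Assumption: the dump doubles each backslash, so halve them to get
        # the string as it was typed in Policy Manager.
        entries[row[4]] = row[5].replace("\\\\", "\\")
    return entries


def missing_exclusions(dump_text, expected):
    """Return the expected patterns that the dump does not contain."""
    present = set(excluded_objects(dump_text).values())
    return [pattern for pattern in expected if pattern not in present]


if __name__ == "__main__":
    # Usage: python check_exclusions.py policy.txt  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DUMP
    expected = [r"*\\.dropbox.cache\\*",
                r"*\\HarddiskVolume*\\Directory\\Dropbox\\.dropbox.cache\\*"]
    for row_id, pattern in excluded_objects(text).items():
        print(f"row {row_id}: {pattern}")
    for pattern in missing_exclusions(text, expected):
        print(f"MISSING from host policy: {pattern}")
```

This only confirms that the entries reached the host's policy; it does not test whether the scanner honours them.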

     

     

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    Submit a file to F-Secure Virus Lab, so they can fix the scanning logic which causes the false alarm (if it is indeed a false alarm). Exclusions are only a band aid.

     

    Best regards: Tamas Feher, Hungary.

  • Peter-Fl
    Peter-Fl Posts: 1 Security Scout

    I'm sorry to say, but I don't like this solution.

     

    I have the same issue and tested it with two folder exclusions.

     

     

    After excluding them (also seen in the web console), my eicar.com file is still deleted after placing it there.

     

    I want to be sure that it will exclude my SQL databases, group policy files etc. etc.

    You can call it a band aid, but why does MS advise to exclude some files and folders then?

     

    I came from an AV where this worked flawlessly, so I don't know why this is an issue for this AV software, and I have to trust all the settings I made. I have more than 700 clients (and license) to support, so it has to work correctly.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Peter-Fl,

     

    Please, contact support. We need more information to investigate your issue.

     

    Best regards,

    Vad

This discussion has been closed.
