What is the correct format for file/folder exclusions

alsimmo

Hi All,

 

I'm a bit confused as to which format to use for exclusions in real-time and manual scanning in Policy Manager.  I've previously used either *\\HarddiskVolume*\\AppData\\Local\\Microsoft\\Outlook\\Offline Address Books\\*.oab for real time or *\\AppData\\Local\\Microsoft\\Outlook\\Offline Address Books\\*.oab for manual scanning.  

 

The reason for the confusion is because of these two pages:

https://community.f-secure.com/t5/Business/Using-wildcards-in-exclusions/ta-p/20428

https://community.f-secure.com/t5/Business/Excluding-objects-from-Real-Time/ta-p/66013

 

I would really appreciate if someone could clarify the correct format please.

 

Many thanks,

Al

 

Vad

Hello Al,

 

This two pages do not contradict one another.  The first one explains how to use wildcards in excluded objects. The second one explains the procedure of adding excluded objects, and contains examples without wildcards.

You can continue to use the exclusions you presented without any changes.

 

Best regards,

Vad

MJ-perComp

And why would you exclude "*.oab"?
1) You should never exclude anything, unless you track down a problem
2) AFAIK "oab" is not even scanned normally.

 

So if you have a problem with OAB that is a suport case. Please open a case with F-Secure, so that you will get the needed debugtools and instructions.

alsimmo

Thanks for your explanation Vad.

 

Regards,

Al

 

 

alsimmo

Hi Matthias,

 

I was simply following MS recommendations.  https://technet.microsoft.com/en-us/library/dn769141.aspx

 

Do you have any reference for F-Secure not scanning OAB or any other files for that matter?  If I can reduce the list of exclusions it would make my life easier.

 

Regards,

Al

 

 

MJ-perComp

This is the main Technet article listing all exlusion related stuff:
https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

The introductory (first) article in that is:
http://support.microsoft.com/kb/822158

which states:

---

INTRODUCTION

This article contains recommendations that may help an administrator determine the cause of potential instability on a computer that is running a supported version of Microsoft Windows when it is used with antivirus software in an Active Directory domain environment or in a managed business environment.

Note We recommend that you temporarily apply these procedures to evaluate a system. If your system performance or stability is improved by the recommendations that are made in this article, contact your antivirus software vendor for instructions or for an updated version of the antivirus software.

Important This article contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. You can make these changes to understand the nature of a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

So MS does NOT recommend to implement any exclusion as default, why should F-Secure? If you identify an issue with performance and you were able to track it down to F-Secure by these instructions please raise a Support case and request a fixed version as recommended by Microsoft.