Can anyone tell me exactly what to put in the exclusions option to stop Amon from constantly scanning Boclean?. This thing just keeps climbing and climbing....... Thanks. snowbound
I tried that Kent, but it didn't work. I saw a thread in here somewhere from a couple a months ago on this subject but i can't seem to find it. If i recall, i don't think a solution was worked out anyway. Thanks Kent snowbound
snowbound, Try excluding the boclean directory with both the long and short path names...... See if this thread helps https://www.wilderssecurity.com/showthread.php?t=13536 Regards, Kent
See also this thread https://www.wilderssecurity.com/showthread.php?t=16154;start=0. It mentions putting quotes around the path names, among other things..... HTH.... Regards, Kent
snowbound, Here are 2 more threads you may want to look at: https://www.wilderssecurity.com/showthread.php?t=15562 and https://www.wilderssecurity.com/showthread.php?t=12469. It seems others have had this problem also. Maybe someone who has had it and now has the exclusion for BoClean fixed will jump in with what that did to correct it. Or maybe one of the posted threads above will help you .... Regards, Kent
Hi again Kent. I tried everything i could find in the links u supplied but i still can't get Amon to exclude Boclean. Like Kent said if there is anyone out there who has successfully done this, i would really appreciate posting of the exact paths or whatever i need to exclude Boclean. Thanks again Kent for taking the time to try and help. snowbound
I used the same entries as optigrab in the referenced threads: C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCLEAN.EXE C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE C:\WINDOWS\BOC411.INI C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.DLL Has always worked just fine for me. I have noticed that the default object for AMON exclusions is a directory, did you check "File" under the excluded object while adding? Perhaps you could post a screenshot showing what you have already added? spamcat
oops , didn't notice that. Changed it to "file" and now Boclean seems to be excluded. The only thing showing now is"win.ini" and "rpcss.ini". Thank u spamcat for pointing that out to me. snowbound
snowbound, I am just glad you have got it working now, thanks to spamcat for his reply to something we were overlooking ..... spamcat, have a karma cookie for your help!!!! Regards, Kent
The only mention of rpcss.ini I can find via google is in conjunction with the Raleka worm (spread via RPC DCOM exploit). Perhaps you should locate and scan via another antivirus (perhaps Housecall or submit to the online Kaspersky scan) just to make sure. spamcat
Couldn't locate the file so i just did a full system scan at Housecall and everything came up clean. hmm...... snowbound