exclusion

Can anyone tell me exactly what to put in the exclusions option to stop Amon from constantly scanning Boclean?.

This thing just keeps climbing and climbing.......


Thanks.



snowbound

 

Try using the short path name, for example,
C:\PROGRA~1\WISDOM~1\SCREEN~1.EXE

HTH....

Regards,
Kent

 

I tried that Kent, but it didn't work.

I saw a thread in here somewhere from a couple a months ago on this subject but i can't seem to find it.

If i recall, i don't think a solution was worked out anyway.

Thanks Kent



snowbound

 

snowbound,

Try excluding the boclean directory with both the long and short path names......

See if this thread helps https://www.wilderssecurity.com/showthread.php?t=13536

Regards,
Kent

 

See also this thread https://www.wilderssecurity.com/showthread.php?t=16154;start=0. It mentions putting quotes around the path names, among other things.....

HTH....

Regards,
Kent

 

snowbound,

Here are 2 more threads you may want to look at:
https://www.wilderssecurity.com/showthread.php?t=15562 and
https://www.wilderssecurity.com/showthread.php?t=12469.

It seems others have had this problem also. Maybe someone who has had it and now has the exclusion for BoClean fixed will jump in with what that did to correct it. Or maybe one of the posted threads above will help you ....

Regards,
Kent

 

Hi again Kent.

I tried everything i could find in the links u supplied but i still can't get Amon to exclude Boclean.

Like Kent said if there is anyone out there who has successfully done this, i would really appreciate posting of the exact paths or whatever i need to exclude Boclean.

Thanks again Kent for taking the time to try and help.



snowbound

 

I used the same entries as optigrab in the referenced threads:

C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCLEAN.EXE
C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE
C:\WINDOWS\BOC411.INI
C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.DLL

Has always worked just fine for me.

I have noticed that the default object for AMON exclusions is a directory, did you check "File" under the excluded object while adding?

Perhaps you could post a screenshot showing what you have already added?

spamcat

 

oops , didn't notice that. Changed it to "file" and now Boclean seems to be excluded.

The only thing showing now is"win.ini" and "rpcss.ini".

Thank u spamcat for pointing that out to me.



snowbound

 

snowbound,

I am just glad you have got it working now, thanks to spamcat for his reply to something we were overlooking .....

spamcat, have a karma cookie for your help!!!!

Regards,
Kent

 

I have "cookies" for u both.





snowbound

 

I'm not familiar with this "rpcss.ini" file.

Can someone tell me what it is?




snowbound

 

The only mention of rpcss.ini I can find via google is in conjunction with the Raleka worm (spread via RPC DCOM exploit). Perhaps you should locate and scan via another antivirus (perhaps Housecall or submit to the online Kaspersky scan) just to make sure.

spamcat

 

Glad to see someone agree w/ me occasionally!!!

 

Good job and Thank u optigrab.

Been looking for this solution for a long time.




snowbound

 

Couldn't locate the file so i just did a full system scan at Housecall and everything came up clean.

hmm......



snowbound