A Question About Policies

When applying a policy such as "Exclusions", I'm able to use the Policy Manager to add or delete the exclusions I've added.

But what if someone has added their own exclusion? (For the sake of this example, let's assume the settings aren't password protected). Is there a way to enforce the list of exclusions in the policy only - and automatically deleting whatever else might be in that list that was manually added?

 

Either this feature isn't implemented or nobody knows how to do it - either way; that's not good!

 

At the moment, exclusion policies are cumulative and only allow you to append to existing local ones or remove explicitly stated ones. The exceptions are stored in the registry, so if you are in a domain you have some options to clear out the exceptions at that level and letting policy apply down only the ones you set. If you are running a managed deployment, I strongly suggest you set the console password to prevent future exceptions being added by end-users once the clean-up is done.

 

Thanks for the tip on the registry - that will be helpful.

 

Hi,

After I defined an exclusion if I mark this one for deletion never disappear from client. Realized that after marking the exclusion for deletion, the status column shows a delete word, then save changes. When I return to see exclusions delete word in status column desappear, hence exclusion in client still remains.

Thanks in advance for your help.

 

There is a known bug with the configuration editor where it doesn't properly save the delete flag to the XML file. I have reported it to Eset, and they said it should be fixed in the next release. For the time being you'll have to manually open the XML file and fix the flag.

Check out this thread if you need instructions on how to manually edit a policy XML file: https://www.wilderssecurity.com/showthread.php?t=233563