Can't exclude AMON from scanning "wcescomm.log"?

Discussion in 'NOD32 version 2 Forum' started by windstrings, Mar 3, 2005.

Thread Status:
Not open for further replies.
  1. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I've tried this before without success and thought I would try again..
    the file "wcescomm.log" is associated with "activesync" used for PDAs synchronizing with outlook.

    AMON scans it about every 5 seconds or more.. would be nice to exclude it?

    Does anyone else have this problem?
    It's located in C:\documents and settings\myname\local settings\temp\wcescomm.log

    It's only found in that one location of my whole hard drive.

    When I include the pathway in AMON exclusions... it's ignored and it scans anyway?

    This behaves the same way whether I pick it as a file.... or a directory and just put the temp dir in to be excluded?

    any suggestions?
     
  2. WYBaugh

    WYBaugh Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    122
    Location:
    Florida
    Hi WindStrings,

    Unfortunately you cannot use long file names when excluding in Amon. Enter the short (8.3) path name to your file and Amon will work correctly.

    Hope this helps!

    Bill
     
  3. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    that's good to know... what may be the easiest way to determine how that would be written?....
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    If you want 8.3 format filenames I think the most compatible would be to view each section of the path manually starting from just the drive letter using the /x switch and then changing directory using the 8.3 filename. You'll end up with the whole path in 8.3 format as the prompt.
    Code:
    D:\>dir /x /o
     Volume in drive D has no label.
     Volume Serial Number is FCB1-89BD
    
     Directory of D:\
    
    02/03/2005  04:18 AM    <DIR>                       Backups
    14/02/2005  03:38 AM    <DIR>                       clones
    02/03/2005  04:19 AM    <DIR>          MYDOCU~1     My Documents
    27/02/2005  11:25 PM    <DIR>                       proj
                   0 File(s)              0 bytes
                   4 Dir(s)  29,564,981,248 bytes free
    
    D:\>cd mydocu~1
    
    D:\MYDOCU~1>
    although there's probably an easier way than that....

    ....and if you browse to the file/directory you want to exclude from within AMON it adds them as LONG filenames and they work fine like that for me. I always add the full path for exclusions explicitly (upper/lowercase and full path)
     
    Last edited: Mar 3, 2005
  5. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    What's funny.. is I can exclude things in "program files"... which does not adhere to dos 8.3?


    I am getting closer to trying this... but how would I write "local settings"?
    with the space considered?... I forgot how to write spaces?
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    ...Sorry added a paragraph at the end of my last post.
    Try browsing to the file or folder you wish to exclude from within AMON and selecting it that way if you haven't already done so. It will be in LONG filename format but all my exclusions are like that and they work great
     
  7. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Try locals~1

    FWIW, I use Total Commander (file manager used to be known as Windows Commander in the mid-90s) which has an option to display in 8.3 format - very useful for NOD32 exclusion as this appears to be quite arbitrary in accepting/rejecting long file names - see Blackspear's post in the Future Changes to NOD32 thread https://www.wilderssecurity.com/showthread.php?t=49674&page=1

    "Everything Else

    1. Use a profile to run a scheduled scan

    2. Excluding files and directories to be simplified, so that it accepts long names."
     
  8. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    the "locals~1" worked!!!!

    I put in c:\docume~1\myname\locals~1\temp\wcesco~1.log

    funny thing.. now when I remove it.. it still works!!!.... I'll have to watch it for a bit.... seems that part of the programming is a bit unstable?
     
  9. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Does anyone know if it's beneficial to scan "system.ini"?
    Mine gets scanned constantly?
    Doesn't seem to hurt anything.... I've never heard of a virus messing with that file?
     
  10. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Goofy thing!..... :mad:

    Seems after a reboot... it scans it again!...so I again put in my line..... c:\docume~1\myname\locals~1\temp\wcesco~1.log
    and it persists in scanning as before...
    so I shut down NOD and restarted it to no avail...
    So I again rebooted to no avail?...

    Oh well I'm not gonna lose any sleep over this one.....
     
  11. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I lost a lot of sleep over "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk" I tried every combination of long/short file name I could think of, but I could not get AMON to stop checking rasphone.pbk several times/minute; in the end I excluded the extension pbk as this is the only file with it on my machine.
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I don't understand what all the fuss is about I've got 'C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE' ignored and it works perfectly for me.
    I'm wondering now if there is a length limit for the ignore string or something else like that?
     
  13. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I can exclude stuff in "program files" also....

    The problem seems to be anything underneath "documents and settings"

    I did get the pathway correct with help from you guys, but it still won't exclude it for "wcescomm.log"

    I tried that and it worked!... I excluded "log".... only problem now.. I don't know if that's safe..... there are an awful lot of log files floating around on any given computer?.... I think I'll take that back off for now?
     
  14. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    quoting my own post..... man that's terrible o_O

    Anyway.... does everyone out here notice system.ini is being scanned very frequently... or am I alone?
     
  15. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Sometimes quoting your own post is the best way to draw attention to a neglected point or question, like now :)

    FWIW, I am not seeing system.ini being frequently scanned - in fact, I am not seeing it being scanned at all (not saying it isn't being scanned, just it has not happened when I have been looking)
     
  16. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Well I'm not going to exclude it..... since it's a system file...
    Here is a look at my system.ini

    ; for 16-bit app support
    [drivers]
    wave=mmdrv.dll
    timer=timer.drv
    [mci]
    [driver32]
    [386enh]
    woafont=dosapp.FON
    EGA80WOA.FON=EGA80WOA.FON
    EGA40WOA.FON=EGA40WOA.FON
    CGA80WOA.FON=CGA80WOA.FON
    CGA40WOA.FON=CGA40WOA.FON

    It may be since there are references to my sound that that file gets accessed frequently by the system o_O?
    Well for that matter... my timer is in there too?...
    I think somewhere I gave my timer priority to speed up my system.
    If so that could make NOD check it too...
     
  17. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Try here for more info on excluding just one specific file --> {[THREAD=69331]thread[/THREAD]}

    I don't notice 'system.ini' being scanned on my system.
    You probably realise that files are only scanned on event, so something running on your system must be accessing it either to check or update a setting or something.
     
    Last edited: Mar 4, 2005
  18. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Hey... thanks for the thread... it did the trick!!!

    Here is a copy from it:
    Funny you have to add it twice "one each way"... but it works.... toooo Coool! :doubt:

    thanks!!!!!
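
    An added example, not part of the original thread: a PowerShell helper that returns both the long and the 8.3 form of an existing path, so both can be entered in an exclusion list "one each way" as described above, without stepping through `dir /x` by hand. `Get-ExclusionForms` is a hypothetical name; it relies only on the Windows `Scripting.FileSystemObject` COM object and its `ShortPath`/`ShortName` properties.

```powershell
# Added example; Get-ExclusionForms is a hypothetical helper, not part of NOD32 or Windows.
function Get-ExclusionForms {
    param([Parameter(Mandatory)][string]$Path)

    # The target must exist: an 8.3 alias is stored in the directory entry
    # when the file is created and cannot be derived from the long name alone.
    # -Force is needed because folders such as "Local Settings" are hidden.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $fso  = New-Object -ComObject Scripting.FileSystemObject
    if ($item.PSIsContainer) { $node = $fso.GetFolder($item.FullName) }
    else                     { $node = $fso.GetFile($item.FullName) }

    # Per-component view, the same information "dir /x" shows one level at a time.
    # The drive root has an empty Name and no ParentFolder, which ends the walk.
    $components = @()
    $walk = $node
    while ($walk -and $walk.Name) {
        $entry = [pscustomobject]@{ Long = $walk.Name; Short = $walk.ShortName }
        $components = @($entry) + $components
        $walk = $walk.ParentFolder
    }

    [pscustomobject]@{
        LongPath      = $node.Path
        ShortPath     = $node.ShortPath
        # False when the volume has 8.3 name generation disabled or every
        # component already fits 8.3; then there is no second form to add.
        HasShortAlias = ($node.ShortPath -ne $node.Path)
        Components    = $components
    }
}

# Usage with the path from this thread ("myname" is the poster's placeholder):
# $r = Get-ExclusionForms 'C:\Documents and Settings\myname\Local Settings\Temp\wcescomm.log'
# $r.LongPath; $r.ShortPath; $r.Components | Format-Table
```

    The `~1` suffix is assigned per directory at creation time, so a short path read on one machine is not guaranteed to match another; resolve it on the machine where the exclusion is entered.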
     
  19. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    It's interesting to watch AMON as it reveals what gets accessed and how often....kinda reveals things about my computer I didn't know.
    For instance.. I always thought system.ini was mere part of the "sysedit" compilation of initiate files. I thought the computer read them when it was coming up and they were basically doing nothing after that?....

    Maybe I got that impression from watching autoexec.bat and config.sys?

    I have never had formal training on computers, so there is a lot fallen between the cracks in my knowledge base..... Taught myself "as many have"

    But apparently the system.ini gets polled quite often to see what's up?.... seems a bit inefficient to me.... but in some way or another when you look at ports, IRQ's, wait states etc.... everything is getting polled it seems sometimes!

    Pretty amazing what these things actually do.... "computers I mean!"
    Would probably scare me if I really knew it all?
    Works a bit like our own brain as we seemed to have created in our own image!
     