exclusions question

I had cnfg the exclusions on amon on the server where xmon is scanning exchange (SBS2003).

Everything seemed to be ok and amon stopped scanning and bringing up alerts. But now amon is active again.

I read this:
To definately exclude a file from scanning by AMON, it has to be entered twice. Once in todays naming convention, (complete path) and once in the 8.3 naming convention. (complete path)

Is this related to an older ver of nod? I browsed for the files so I don't really follow this advice and why the path is not ok as it is.

Does this relate to exchange exclusions?

Apparently amon has become very active on the server and workstations. Why would this be occurring? Any ideas?

 

From what I can tell, this has to do with how the individual programs call the files. For example, does "Program X" think it is accessing the "C:\Documents and Settings" folder or the "C:\DOCUME~1" folder? Depending on the answer, that is what NOD32 needs for the exclusion.

That is my guess, anyway. Something about the backward compatability of the Windows filesystems makes for the inconsistency. To be sure, it would be nice of NOD32 could make the translation automatically, but I do not know what goes into the programming.

This is all just a guess. An Eset member would probably have a better explanation.