Exclusions questions

Discussion in 'Other ESET Home Products' started by jholbrook, Jul 23, 2008.

Thread Status:
Not open for further replies.
  1. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    I've been sitting on hold for nearly 40 minutes with Eset support. I figure I might get a faster response here.

    Is there any good documentation on configuring exclusions via the Remote Administrator?

    If I want to exclude all .mdf files do I do a *.mdf or .mdf? I figure *.mdf makes more sense but I just want to be sure.

    Second, if I want to follow Microsoft's recommendations on exclusions (http://support.microsoft.com/kb/822158) does NOD32 recognize variables like %windir% and %systemroot%?? Is there a list of variables that I can use for exclusions?

    One other question not related directly to exclusions but is there any best practices for managing the packages? I was thinking that I would need to create separate packages with configurations specific for certain servers like Citrix, SQL, etc with different exclusions. Is it a problem to put all the exclusions even if they don't really apply to the server that NOD32 is installed on? For example, if I put an exclusion to not scan C:\Program Files\SpecialProgram but the folder doesn't exist on most of my servers will any errors be generated or will NOD32 just ignore it?

    If I can put all the exclusions in every package, then I'm thinking the only thing I'll need to do is have two packages. One for PCs that I can scan during the day (since most users turn off their PCs at night) and one for everything else that gets scanned in the wee hours of the morning.

    Any recommendations?
     
  2. SoCal_Sparrow

    SoCal_Sparrow Registered Member

    Joined:
    Jan 23, 2008
    Posts:
    10
    From the Help File:
    Exclusion format
    When configuring exclusions in the resident scanner, special symbols – wildcards, such as “*” and “?” can be used.

    Examples:
    - If you wish to exclude all files in a folder, type the path to the folder and use the mask “*.*”.
    - If you want to exclude doc files only, use the mask“*.doc“.
    - If the name of an executable file has a certain number of characters (and characters vary) and you only know the first one for sure (say “D”), use the following format: “Do_O?.exe”. Question marks replace the missing (unknown) characters.
    ----------
    As far as using System Variables, I don't know, good question. I don't personally follow MS's recommendation on this, and I've not run into any issues. I do follow Eset's recommendation and have exclusions between AMON/XMON on my Exchange server:

    • Excluding Exchange files from resident protection scanning
    XMON scans e-mail messages stored in the MS Exchange
    Server storage. This storage is saved on the server
    file system as a single file and using non-standard settings
    in AMON (on-access scanner) while running on the
    same server, might lead to a collision between XMON and
    AMON. To avoid the collision make sure that the AMON
    module is not set to scan .EDB, .TMP and .EML file types.
    By default, the mentioned extensions are excluded
    from scanning. It is also recommended to exclude from
    scanning directories containing following files and directories:
    %ProgramFiles%\Exchsrvr\MDBData\
    %ProgramFiles%\Exchsrvr\Mtadata\
    %ProgramFiles%\Exchsrvr\Server_Name.log
    %ProgramFiles%\Exchsrvr\Mailroot
    %ProgramFiles%\Exchsrvr\Srsdata
    %SystemRoot%\System32\Inetsrv
    %ProgramFiles%\Exchsrvr\IMCData

    (This makes me believe System Variables are okay to use, but I still use an absolute path in my config.)
    ------------

    And about having Exclusion entries for folders that do not exist, I've not had a problem doing this in the past. However my chosen method is to use one base installation package that will install on everything, then push the specialized configurations out once they check in with RA. I maintain the configuration files separately anyway, and this way I don't have to update dozens of packages when there's an upgrade or config change. This is more for security/paranoia as the more exclusions there are the better the odds that something will come along and exploit that exclusion, so no exclusions unless there have to be.

    I've also found it easier to teach my users to leave their workstations on at night than to deal with their incessant bickering. That way, all scans, updates, etc. can be handled without interruption.
     
  3. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    Thanks for the reply. We're not running Exchange.

    I ran into an issue where my exclusions weren't being taken by a particular client. Then after 20 mins of talking to ESET support I discovered that what I really wanted was EXTENSIONS and not EXCLUSIONS to exclude things like *.ndf, *.ldf, etc.

    Thanks.
     
  4. jholbrook

    jholbrook Registered Member

    Joined:
    Jul 23, 2008
    Posts:
    11
    Another question about exclusions. If I exclude a directory (e.g. c:\windows\sysvol\*.*) does that also exclude all subdirectories? Or more specifically how do I exclude a directory and all subdirectories and how do I just exclude a specific directory?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, this will exclude also all subdirectories. A specific directory can be excluded by entering the exact path to it in the exclusion pane.
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    There is a radio button choice there....to exclude subfolders...or not. Depends which choice you've selected.
     
  7. Crem

    Crem Registered Member

    Joined:
    Aug 24, 2008
    Posts:
    6
    How should i do to only exclude folders from realtime protection but not on-demand scan ?
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Done within AMON.
     
Thread Status:
Not open for further replies.