How to configure exclusions to unknown paths

This is what I mean:

We use ipscan.exe as an inventory tool to see what is on a customers' network.
The paths that our colleagues use to store ipscan.exe are different. So I wanted to exclude ipscan.exe as:
*:\\*.*\ipscan.exe
and *:\\ipscan.exe

But unfortunately, when I copy it from my excluded folder to another it is quarantained immediately from the new location.
Yes of coarse I can exclude and restore from quarantaine, or uncheck unsafe applications, but that is not what I want.

I believe I see this behaviour in almost all versions

I hope you guys can make me and my colleagues happy

 

I don't think it can be done with Eset unless you submit it so it is removed from detection. See, similar
https://www.wilderssecurity.com/showthread.php?p=1667628#post1667628

 

In this case it will not be resolved by a signature update, because the behaviour of the tool "may be unwanted". And I want my EAV4 to scan and quarantine that category .

But on the other hand, when I want to exclude a particular file, I want to be able to do so.

I hope we can have the discussion in a good matter of understanding.
I believe the other thread you mentioned was not a good example of clear communications

Greetings from Holland

 

another solution may be to exclude certain foldernames with all objects in the folder. For example:

C:\toolbox\*.* (everything within that folder)
But the toolbox folder may be everywhere on the machine, and even on other drives (USb drives!)

So that option is on my wish list too

greetings from holland!

 

From memory both Kaspersky and Symantec will behave similarly. In the other thread there was a mention that McAfee allows global exclusions. If it does then again from memory it might be Enterprise and not Home version where its Artemis engine jumps on anything remotely suspicious (and can't be excluded either)

 

forget this particular post; I did not look good,
it was restored as it should, but I did not see it

 

@cudni:
We are talking about Eset NOD32 here. I will not switch to other software as I want to work with Eset NOD32 - period.

I don't want to be unfriendly but please stay on the ESET road here.

 

I think we are at cross purposes here and you are jumping to strange conclusions.
In any case how about based on
http://kb.eset.com/esetkb/index?page=content&id=SOLN560

C:\*ipscan*.exe where C can be other drives/paths

would that work?

 

My conclusion is not so very strange as I tested it and it does not work .


Greetings from a dark Holland

 

A final answer (as they say in that show UK )
https://www.wilderssecurity.com/showpost.php?p=1667965&postcount=20

 

You certainly can submit the file as a false positive however, it is defined as potentially unwanted then the only way to exclude the file is by specifying an absolute file path in the exclusion. As for excluding the contents of a sub folder that is absolutely possible. Such as C:\SomeDir\*.*. This is just the way the product functions. It will allow you to enter any value you want into the exclusions. However, if it is in the wrong format it will simply ignore the value.

 

well, used in that way it works right

But it would be even nicer if we could configure "something.exe" to be excluded from scanning regardless the location of the file. That possibility would be very nice for network configurations (simply drop it in an config.xml and you've taken care of your whole network).

But i read the other thread and i assume there are reasons for this choice so this thread can be closed.

Greetings from a very rainy Holland

 

Most other major Anti-virus products allow something like you describe.

I use Spector 360, to monitor my users activities for security and legal purposes, and NOD32, randomly decides to quarantine the Spector client. Spector uses known file names, but places some files in random locations. ESET's exclusion system does not seem to be able to handle the simple task of globally excluding a file by name.