How to configure exclusions to unknown paths

Discussion in 'ESET NOD32 Antivirus' started by duijv023, Apr 27, 2010.

Thread Status:
Not open for further replies.
  1. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    This is what I mean:

    We use ipscan.exe as an inventory tool to see what is on a customers' network.
    The paths that our colleagues use to store ipscan.exe are different. So I wanted to exclude ipscan.exe as:
    *:\\*.*\ipscan.exe
    and *:\\ipscan.exe

    But unfortunately, when I copy it from my excluded folder to another it is quarantained immediately from the new location.
    Yes of coarse I can exclude and restore from quarantaine, or uncheck unsafe applications, but that is not what I want.

    I believe I see this behaviour in almost all versions o_O

    I hope you guys can make me and my colleagues happy
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    In this case it will not be resolved by a signature update, because the behaviour of the tool "may be unwanted". And I want my EAV4 to scan and quarantine that category :D .

    But on the other hand, when I want to exclude a particular file, I want to be able to do so.

    I hope we can have the discussion in a good matter of understanding.
    I believe the other thread you mentioned was not a good example of clear communications :D

    Greetings from Holland
     
  4. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    another solution may be to exclude certain foldernames with all objects in the folder. For example:

    C:\toolbox\*.* (everything within that folder)
    But the toolbox folder may be everywhere on the machine, and even on other drives (USb drives!)

    So that option is on my wish list too :p

    greetings from holland!
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    From memory both Kaspersky and Symantec will behave similarly. In the other thread there was a mention that McAfee allows global exclusions. If it does then again from memory it might be Enterprise and not Home version where its Artemis engine jumps on anything remotely suspicious (and can't be excluded either)
     
  6. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    forget this particular post; I did not look good,
    it was restored as it should, but I did not see it
     
    Last edited: Apr 27, 2010
  7. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    @cudni:
    We are talking about Eset NOD32 here. I will not switch to other software as I want to work with Eset NOD32 - period.

    I don't want to be unfriendly but please stay on the ESET road here.
     
    Last edited: Apr 27, 2010
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I think we are at cross purposes here and you are jumping to strange conclusions.
    In any case how about based on
    http://kb.eset.com/esetkb/index?page=content&id=SOLN560

    C:\*ipscan*.exe where C can be other drives/paths

    would that work?
     
  9. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands

    My conclusion is not so very strange as I tested it and it does not work :cool: .


    Greetings from a dark Holland
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  11. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    You certainly can submit the file as a false positive however, it is defined as potentially unwanted then the only way to exclude the file is by specifying an absolute file path in the exclusion. As for excluding the contents of a sub folder that is absolutely possible. Such as C:\SomeDir\*.*. This is just the way the product functions. It will allow you to enter any value you want into the exclusions. However, if it is in the wrong format it will simply ignore the value.
     
  12. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    well, used in that way it works right :)

    But it would be even nicer if we could configure "something.exe" to be excluded from scanning regardless the location of the file. That possibility would be very nice for network configurations (simply drop it in an config.xml and you've taken care of your whole network).

    But i read the other thread and i assume there are reasons for this choice so this thread can be closed.

    Greetings from a very rainy Holland :ouch:
     
  13. pendarus

    pendarus Registered Member

    Joined:
    Jun 18, 2009
    Posts:
    4
    Most other major Anti-virus products allow something like you describe.

    I use Spector 360, to monitor my users activities for security and legal purposes, and NOD32, randomly decides to quarantine the Spector client. Spector uses known file names, but places some files in random locations. ESET's exclusion system does not seem to be able to handle the simple task of globally excluding a file by name.
     
Thread Status:
Not open for further replies.