nod32 exclusion list not working...

Discussion in 'NOD32 version 2 Forum' started by James314, Sep 1, 2005.

Thread Status:
Not open for further replies.
  1. James314

    James314 Guest

    hi all,

    I am trying to exclude the following file as I now think - although noone can give me a 100% sure answer - that it is a legititmate spybot search and destroy registry backup file:



    Time Module Object Name Threat Action User Information
    01/09/2005 21:34:51 AMON file C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regLocal.reg probably unknown SCRIPT virus IBM-D1AA666C235\Simon Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

    However, even though I have added the file to Amon's exclusion list, Amon still warns me of it when I do a manual 'scan and clean' - whats going on here?

    thanks,

    James
     
  2. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Hello,

    try to add the short path name in the esclusion list too (C:\DOCUME~1....)
     
    Last edited: Sep 1, 2005
  3. James314

    James314 Guest

    Could you elaborate a little bit as I dont quite understand what you mean. What the shorter file name look like this: C:\DOCUME~reglocal.reg

    Sorry, its just that I have no idea what you mean...

    thanks.

    J.
     
  4. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi James314:

    Here is a free utility to copy path names in 8.3 (short) or long called Ninotech Path Copy.

    This will add a context menu (right click) Copy Path selection to a file or folder.

    Short path
    D:\UTILIT~1\BITTOR~1\BITTOR~1.EXE

    Long path
    D:\Utilities\Bittorrent-Download Manager\bittorrent-3.3.exe

     
  5. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Now that is a very handy utility - thanks :)
     
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    most useful!!! thanks rumpstah!
     
  7. James314

    James314 Guest

    thanks for that rumpstah, thats a great utiliity to have. But unfortunately, despite my adding the short file path in addition to the long file path, nod32 refuses to exclude the spybot file as it keeps warning me of it when I perform an on demand scan or if I or any program attempts to access it.

    I must say that nod32 is starting to grate on me, especially when one considers the ease of use of rival programs like Kaspersky. All I want to do is exclude a file and I cant...its ridiculous!

    If any nod32 experts could help I would really appreciate it.

    thanks all for your suggestions so far,

    J.
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    have you tried excluding the folder which these files reside in?

    I too had exclusion issues, but that was pre-2.5.. my issues cleared up with the launch of 2.5
     
  9. James314

    James314 Guest

    Ok, I just excluded the whole s&d folder and then I tried excluding the registry backup subfolder and still Amon detects it!!

    Is this some kind of bug affecting the exclusion of registry files?

    thanks for the suggestion webyourbusiness, much appreciated.

    J.
     
  10. James314

    James314 Guest

    Hi Rumpstah, my system is running very smoothly as I recently performed a fresh windows installation. I therefore find it hard to beleive that this is a problem with my system; normally I would think it was a system issue but deffinately not now...

    thanks for the suggestion and I will register when I get a moment.

    J.
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    rumpstah - why can't you just tell EVERYONE what that deeper issue is...
     
  12. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    agreed.. I would like to know as well as I have had nothing but headaches with NOD32s exclusion system. I have never gotten it to work right depsite adding each file twice (short + long name)

    seems this entire function may be in need of an overhaul :doubt:
     
    Last edited: Sep 5, 2005
  13. James314

    James314 Guest

    hmm...silence from the nod32 experts on this one I guess. No matter, I have switched to Kaspersky and its light, has a much better interface, is obviously powerful and has a reliable exclusion list. Bring on Kaspersky 6!

    Nod32 really need to pull their finger out, I know someone will inevitably post now saying that they have had no trouble with nod32 and that it must be my system but thats just part of the whole silly AV loyalty thing.

    thanks anyway for all of your suggestions,

    J.
     
  14. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I was just about to start a new thread, that is until i came across this one.
    I have tried to exclude Outpost firewall from being scanned, and until of late AFTER assisting someone on Outpost Forum, that mine was no longer working:mad: I have also tried excluding Outposts Folder, with no result other than the particular files showing up in AMONo_O

    Any particular reason for this behaviour??
     
  15. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    My apologies, it does work. I used Systernals' File monitor to get the exact directory names. :D
     
    Last edited: Dec 5, 2005
  16. gue_st

    gue_st Guest

    Have you tried to browse the file instead of entering the path? There are two buttons on the bottom - "Folder" and "File".
    I am doing that way and it works.

    And you are not going to suspect me in that "whole silly AV loyalty thing"? :D
     
Thread Status:
Not open for further replies.