V4 - Exclusions not working?

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Mar 11, 2009.

Thread Status:
Not open for further replies.
  1. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Hi all,

    I must be doing something stupid, since this is fundamental.

    V4 AntiVirus Business Edition.

    Within:

    Antivirus and antispyware > ThreatSense > Setup > Extensions

    I have added: LDF, LOG and CHK entries.

    Within:

    Antivirus and antispyware > Real-time file system protection > Setup > Extensions
    I have added: LDF, LOG and CHK entries.



    If I then close the setup screen and look a protection Status > Statistics I will often see against Scanned Object files with CHK, LDF or LOG extensions. These should all be omitted, surely?

    Many thanks for all suggestions!



    Jim
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you download the eicar test file, rename it to eicar.log and then scan it with these extension exclusions in place?
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I, too, meant real-time protection. By doing as I suggested you could verify if those files are only processed, but not scanned when the program determines they shouldn't be or whether exclusions don't work properly and eicar would actually be scanned and detected.
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Ok, the UI is a bit misleading.

    I set up ESET to not scan .abc files, and I then visited the EICAR website to get the EICAR text. I pasted the text into Noteoad and saved the file.

    Whilst the file was not rejected by ESET, the name did appear in the Statistics screen against the "Object Scanned" field. So even though an object is being skipped (excluded) it shows up as having been scanned.


    Jim
     
Thread Status:
Not open for further replies.