How to configure the F-Secure end-point protection client from scanning when Installing 3rd party ED

Customer_Care

Issue:

When installing a 3rd party EDR client on a computer running an F-Secure endpoint protection software, which are the recommended exclusions to bypass the F-Secure client in context of the EDR solution?
 

Resolution:

You can exclude any and all files residing the in the directory pointed to by this registry key:

• HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\Settings\product.paths

The value will contain the directory to skip (also include content of sub directories in the exclusion). 
Note that this approach works with Ultralight based F-Secure products (CS 13 and later, Server Security 14.x and later).

If a broad exclusion of our product folder is not acceptable, use the following alternative

As previously, read the product path value from HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\Settings\product.paths
Then construct the exclusion using the following logic.

<product-path>*\Ultralight\ulcore\*\fsorsp*.exe
<product-path>*\Ultralight\ulcore\*\fshoster*.exe

(the wildcard "*" represents here 0 or more characters)

For example, if the product installed in the folder C:\Program Files (x86)\F-Secure\Client Security\
the exclusion should match:

C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fsorsp64.exe
C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1570191397\fshoster64.exe

Please note that exclusions  fshoster*.exe and fsorsp*.exe cover both 32 and 64 bit operating-systems e.g. fsorsp64.exe or fsorsp32.exe both should match the above pattern. 

Article no: 000018299