Excluding files/folders

This may or may not be an issue, but with the original beta of FSecure, I was able to exclude drives.. This iteration (new FSProtection) appears not to let me do that.. as I excluded 2 internal drives, namely 'D' & 'E' and the program promptly scanned both drives and quarantined exe's which was contrary to my wishes! The fact that the exclusions were 'allowed' by the program, should have done just that.. excluded them from the scheduled scan!

Best Answer

  • NikKNikK Posts: 931
    Accepted Answer

    Ok, well in that case it's bad!  Some other useful info:

     

    Because of the real-time scanning it's not really necessary to scan manually/scheduled:

    https://community.f-secure.com/t5/Security-for-PC/Should-I-manually-scan-my-hard/ta-p/15412

     

    If you use the command line based scanner, FSAV, you can specify exactly what you want to scan. If you use Windows Task Scheduler to run it it will run as System just like an ordinary scheduled scan does. If you want to run it as a batch file you can use an MS utility called PsExec to run as System.

    Edit: with "run it as a batch file" I mean run manually

    Example here: https://community.f-secure.com/t5/Security/2nd-Full-Scan-is-not-faster/m-p/32585/highlight/true#M5744

     

    C:\>"C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fsav.exe" /?
    Give scan path as first parameter. Supports multiple paths.
    Paths are given without the parameter specifier.

    Other valid parameters:
    /ALL        Do a dumb scan of all files.
    /APPEND     Append to existing report file.
    /ARCHIVE    Scan inside .ZIP, .ARJ and .LZH files.
    /BEEP       Beep when a virus is found.
    /DELETE     Delete infected files.
    /DISINF     Disinfect whenever possible.
    /EXT=       List of file extensions to be used in the scan
    /HARD       Scan the hard disk(s).
    /HELP       Display this list.
    /LIST       List all checked files.
    /NOBOOT     Do not scan boot sectors.
    /POLICY     Read scanning parameters from the policy.
    /QUAR       Quarantine infected files.
    /RENAME     Rename infected COM/EXE files.
    /REPORT=    Send the output to a file.
    /ROOTKIT    Scan system for rootkits.
    /SILENT     No output.
    /SPYWARE    Scan the specified path for spyware
    /SYSTEM     Scan the computer for active viruses
    /USEACCOUNT Always use the command-line scanner's account for scanning.
    /VERSION    Show scanner version information.

    acegeezer

Comments

  • SimonSimon Posts: 2,610 Superuser

    That doesn't sound like particularly useful behaviour from the product!  Have you reported this as a bug via the Beta portal?  If you do this, and attach an FSDIAG, they might be able to see what went on (or didn't!)  :)

  • Hi Simon, it appears that under a scheduled scan the program uses the manual scan settings/parameters, but automatically scans (by default) archives/harmful files, which are then "cleaned automatically".. Seems to defeat the object of file exclusion, doesn't it?
  • NikKNikK Posts: 931

    There are different types of exclusions: real-time scaning & manual scanning

     

    If you have manual scanning exclusions these will be listed at the bottom of the scanning report, even for scheduled scans.

  • The problem is.. there are no exclusions available for selection from the scheduled scan screen, it states at the base of this screen that the settings within "manual scanning" are used.. but, over-ridden by default within scheduled scans.. regarding archive and whatever the program deems as suspect files irrespective of exclusions shown in "manual" screen!

     

    Furthermore, there are no settings to select which drive/s to scan or exclude from the scheduled scan.. this has to be put into the finished product :)

  • NikKNikK Posts: 931

    You go to settings for manual scan and make the exclusions there. Then when the schedules scan has finished you check the scan report for information about excluded items/folders.

     

    I've done this many times. No problems. In my case I have a lot of encrypted files with EFS that the scheduled scan can't access because it runs as system and not as "me" as a manual scan does. The manual scanning exclusion will make the scheduled scan skip these folders. Otherwise the scan report will be filled with "can't access" errors for every encrypted file, and I can't see other errors.

  • NikKNikK Posts: 931

    I don't have the beta but I would be very surprised if they changed how this works.

  • Well, it actually states on the scheduled scan screen that it will scan all archives/harmful files and take action.. that being Quarantine, which is where I had to go to restore them all, so it is different to the previous iteration of the security setup as I stated in first post, the previous version did allow exclusions in scheduled scan screen.

     

    This is the terminology at the bottom of the scheduled scan screen.. Quote " Scheduled scanning uses the same settings as the manual scanning, except that archives are scanned and harmful files are cleaned automatically".. this is not satisfactory really, and as you say you aren't using this beta!

     

    I guess this now requires escalating!

  • NikKNikK Posts: 931

    This is how it looks in the non-beta. No way to make exclusions from the settings page for scheduled scans(because you have to do this from "Manual scanning" page). Are you saying the beta is different from this?

    schedscan.png

  • No.. I'm not saying it's any different, but when the exclusions for my internal drives 'D' & 'E' were classified as such, the scheduler did NOT scan those drives, but in this version it does. Irrespective of this, why is there no facility in the scheduling part to specify what scans I as the user would like. The manual screen is fine for one offs, but my scheduler is used far more and on a daily basis.

  • That will do it!

    Thanks Nik .. Smiley Happy 

  • NikKNikK Posts: 931

    You're welcome!

     

    A note about the /POLICY parameter:

     

    I started using that parameter because it was convenient, I didn't have to specify any other parameters because /POLICY uses the settings for the manual scan settings. The bad thing is that you can't really control what it scans even if you specify only E: for example. It'll still start scanning C: although I think it's because it automatically scans the "system" also (/SYSTEM)

     

    IMO it's better to specify all parameters needed and skip the /POLICY

    Example: fsav.exe E: /ALL /ARCHIVE /BEEP /QUAR /SPYWARE

     

    This will scan only E:

  • Thanks for the help Nik.. :)
This discussion has been closed.