DeepGuard exclusion settings

Festuco

Does anyone know whether it is possible to exlude a full directory, or a wildcarded filename to the DeepGuard allowed programs list?

 

Some idiot thought it would be a good idea to randomly generate the filename for an executable, so even after I allow the specific file to run, the program just creates a file with a new name, and that one gets blocked again.

MJ-perComp

Buy that guy a rope and tell him to shoot himself wherever the river is deepest ;-)

 

Excluding a path should work as well as using wildcards.

see here

http://www.f-secure.com/en/web/business_global/support/article/kba/15193/s/server.1506/p/2

and here

http://community.f-secure.com/t5/End-point-Security/Exclusion-of-directories-using-wildcards/td-p/5545

 

BR

 

 

 

Festuco

Thanks, but I'm not entirely sure that that helps me. These articles seem to be about exclusion for a virusscan, and my issue is with the DeepGuard function that kicks in when I try to run the program.

 

Or is there a DeepGuard configuration option that allows those types of exclusions as well? in that case I haven't been able to find it.

MJ-perComp

It is the same list. I just tested it!

Festuco

I would never have expected that from looking at the settings in the UI, but am very glad that you are absolutely right.

 

Thank you very much!

beiker

Works right here too. Brilliant! 

etomcat

Hello,

 

I think exclusions can be done in FSPM (F-Secure Root / DeepGuard / Setting / Applications) by specifying the SHA-1 checksum(s) of the trusted object(s).

 

This method should be OK for randomly named executables, as long as the code is not also self-modifying.

 

Regards: Tamas Feher, Hungary.