DeepGuard exclusion settings
Festuco
Posts: 3
Does anyone know whether it is possible to exlude a full directory, or a wildcarded filename to the DeepGuard allowed programs list?
Some idiot thought it would be a good idea to randomly generate the filename for an executable, so even after I allow the specific file to run, the program just creates a file with a new name, and that one gets blocked again.
0 Like
Accepted Answer
-
MJ-perComp
Posts: 1,101 Superuser
Buy that guy a rope and tell him to shoot himself wherever the river is deepest ;-)
Excluding a path should work as well as using wildcards.
see here
http://www.f-secure.com/en/web/business_global/support/article/kba/15193/s/server.1506/p/2
and here
BR
5 Like
This discussion has been closed.
Comments
Thanks, but I'm not entirely sure that that helps me. These articles seem to be about exclusion for a virusscan, and my issue is with the DeepGuard function that kicks in when I try to run the program.
Or is there a DeepGuard configuration option that allows those types of exclusions as well? in that case I haven't been able to find it.
It is the same list. I just tested it!
I would never have expected that from looking at the settings in the UI, but am very glad that you are absolutely right.
Thank you very much!
Works right here too. Brilliant!
Hello,
I think exclusions can be done in FSPM (F-Secure Root / DeepGuard / Setting / Applications) by specifying the SHA-1 checksum(s) of the trusted object(s).
This method should be OK for randomly named executables, as long as the code is not also self-modifying.
Regards: Tamas Feher, Hungary.