DeepGuard exclusion settings
Does anyone know whether it is possible to exlude a full directory, or a wildcarded filename to the DeepGuard allowed programs list?
Some idiot thought it would be a good idea to randomly generate the filename for an executable, so even after I allow the specific file to run, the program just creates a file with a new name, and that one gets blocked again.
Buy that guy a rope and tell him to shoot himself wherever the river is deepest ;-)
Excluding a path should work as well as using wildcards.
Thanks, but I'm not entirely sure that that helps me. These articles seem to be about exclusion for a virusscan, and my issue is with the DeepGuard function that kicks in when I try to run the program.
Or is there a DeepGuard configuration option that allows those types of exclusions as well? in that case I haven't been able to find it.
It is the same list. I just tested it!
I think exclusions can be done in FSPM (F-Secure Root / DeepGuard / Setting / Applications) by specifying the SHA-1 checksum(s) of the trusted object(s).
This method should be OK for randomly named executables, as long as the code is not also self-modifying.
Regards: Tamas Feher, Hungary.