Ignore exclusions for fsscan.exe Command-Line scanner utility.
Answers
-
Hello,
Do you mean you want to run/use fsscan.exe manually?
Currently, scanning exceptions/exclusions only apply to real-time scanning (as I think). Manual scanning (context scan) and scheduled scanning/checks scan all available or accessible items.
But via command prompt/line - you can choose what to scan with fsscan.exe; you can check available 'supported' options or arguments via "-h" or "--help" (I mean, depends probably on your solution/system).
So, if you want to use fsscan.exe manually/directly, then maybe you could create some script(s) to scan only the items you "want". More of a workaround, but still.
I think the current design with exclusions was once called "intentional" (I don't know if there would be any reason to change that).
-
Hi there.
Actually, I have a folder which I don't want F-Secure itself to interfere when I copy a malicious file there, but only upon calling fsscan.exe on my own.
And no, unfortunately, when I exclude an entry via F-Secure settings, fsscan.exe also takes that into account and returns an HTML webpage in response, stating that the folder I've specified is in the exclusions list; therefore, the threat is not detected at all.
-
Hello,
Thanks for your responses.
First of all - sorry that my knowledge / experience about this routine is outdated. I haven't properly checked it on my system (yet).
Or if just certain actions / type of files are exclusively treated.
Actually, I have a folder which I don't want F-Secure itself to interfere when I copy a malicious file there, but only upon calling fsscan.exe on my own.
Well, previously I think adding it to the exclusion list should have been enough then. By this I mean that files in the excluded folder would only be detected by a manual direct scan (or scheduled scan). Calling fsscan.exe is something like a "manual scan" or "scheduled scan" basically (as I remember, the list of exceptions/exclusions was not followed on purpose).
For example, this is how I understand the old situation: if you excluded a file, then it will not be detected by automatic scanning (not counting scheduled scans), such as real-time protection, or by manual scanning, unless the excluded file is scanned directly (that is, the file itself rather than, probably, the folder containing it). When excluding an entire folder with files, scanning the folder should be alright, but directly scanning the files inside may result in detection.
However, perhaps the situation is different now or depends on the type of item being detected. Based on your feedback, I decided to play a bit and tried to use the recent YellowKey exploit as an example; I excluded a certain drive and a certain folder, and was able to copy a zip archive with YellowKey (exploit) to the excluded folders without detection. I was then even able to scan it directly as a file and as folder contents without any detection (otherwise, it would have been detected in non-excluded paths). And I can confirm that, based on the report's log (and the actual result), the default fsscan.exe will follow the list of exceptions/exclusions.
Sorry for misinformation then. :(
// or maybe I just misremembered it. about other parts of functionality.
If I remove the exclusion however, then F-Secure itself will interfere, before I can do anything with fsscan.exe myself.
Yes, even when trying to 'scan' it - F-Secure should handle it as 'access' (if real-time protection is enabled) - so, probably, detect items before 'utility' in generic terms.
I am not sure about any 'suggested' workarounds then.
-
Hello again.
I highly appreciate the precious time and effort you put into testing. And there is definitely nothing to be sorry about.
I've already made a feature request. Let's cross our fingers that the F-Secure team will take it into account for future releases.
Thanks once again and have a great day.
-
Also, while I was investigating the issue, an idea came to my mind.
Instead of implementing a feature that gives the user the ability to exclusively 'specify' which exclusions go where, the F-Secure development team can add an optional switch to the fsscan.exe command-line utility (such as -ig, --ignore-exclusions, or whatever, I'm not good at picking names :) ) that, when specified, simply ignores the whole exclusion list entirely, therefore reporting the threat and its specifications back to the console.
This way, I believe it wouldn't be much of a hassle, both for the user and the kind developer team.
(P.S. Sorry for double-posting. At the time, I wasn't aware that I could edit my post)
