How to exclude folders and subfolders in the F-Secure Policy Manager Console?

Hello, I have just found a manual from F-Secure Anti Virus for Workstation, but none on the F-Secure Policy Manager Console. 1. How can I exclude folders and subfolders in the F-Secure Policy Manager Console? 2. If I exclude a folder, all subfolders and files will be excluded in this folder too? Best regards, Patte

Answers

  • BenBen Posts: 2,640

     Hello Patte,

     

    You should be able to set object exclusions in the Policy Manger console in advanced mode, in the Policy tab under

    F-secure Anti-Virus>>Settings>>Settings for Real-Time Protection>>Scanning Options>>File Scanning>>Inclusions and Exclusions.

     

    First enable the option and then fill in the "Excluded Object" table as wanted.

     

    The following article might be useful to you for the formatting of your exclusions

     http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

     

  • I'm also having the same issue. I tried everything but it's not working. I have a file that still getting blocked (named "convJPEG.exe") and it's not a virus, it's a process in our business software. I also have tried evrything descibe here:

     

    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    But it's doesn't work. File is still block each time I release it. Strangely, everything was working fine before last week-end...

  • BenBen Posts: 2,640

    Hello Patrick_C,

    In your case I would advise you to exclude the process in the Policy Manager
    F-secure Anti-Virus>>Settings>>Settings for Real-Time Protection>>Scanning Options>>File Scanning>>Inclusions and Exclusions.

    First enable the option and then fill in the "Excluded Processes" table as wanted.

    You might also want to submit the application as false-positive to our lab in order to have it added to the whitelist.

  • Hello Ben,

     

    Thanks for your quick answer. But like I said in my request, this step has already been done and it's not working. I'm still having a file bloqued by F-Secure. This file (convjpeg.exe) is present and used for years here and since last week-end, it's been block by F-Secure. That's why I want to exclude it from real-time scanning, but it's doesn't work.

     

    If I setup this exclusion directly in a F-Secure workstation, it's wokring. It's only in F-Secure Policy Manager Console that does'nt work. And I can't pass trought all my 50 computers to set this up... Smiley Sad

     

    Thanks!

  • BenBen Posts: 2,640

    Hello Patrick_C,

     

    Can you check that your clients/ workstations are indeed receiving the policy containing the exclusions?

    You can go in the User Interface on one client, in the settings and under Other settings>>Central management>>Policy information.

    Or in The Policy manager under the status tab in anti-virus mode.

     

    Also when you are saving the exclusion table, could you try forcing the table?

     

    As mentioned earlier, contacting our support so that they can take a better look at the issue, might be necessary.

     

    Thank you

  • Hello Ben,

     

    I have check what you ask me and it's correctly setup. I tried to froce the table, but it still the same thing. I will follow your request and contact your technical support to fix this.

     

    Thanks again for your help! :)

  • MJ-perCompMJ-perComp Posts: 1,098

    Hi,

    may I just add that F-Secure does recommend NOT to use any exclusions at all! If you face a problem (performance or false positive) you should always report these to support ASAP so that the cause can be fixed.

     

    If an exclusion is needed, then it should be temporaily and removed asap again.

     

    Neither Microsoft nor Citrix (both often quoted) recommend to add permanent exlusions!

     

    HTH

    Matthias

  • Hi Matthias,

     

    That exactly what I did yesterday. I sent my file to F-Secure for analyse and file result o.k. It supposed to be corrected in a next update. I just hope it won't take too long becase I'm still having issues with it even if I have configured exclusions... Smiley Sad

     

    Thanks!

     

     

    Patrick.

  • JaysonJayson Posts: 595

    Hi Patrick,

    I just wanted to make sure that your issue is fixed since the release of the update. Please feel free to contact us again and update the post with your query If you have further question or issue.

    Thanks.


    Best Regards,
    Jayson

  • I'm having the same issue,

     

    I had this problem on PMS/PMC 11.20, 11.21 and 11.22 which is realesed lately on both CS 11.50 and 11.60

     

    it's not about policy distribution as excluded object which is a file name like "keygen.exe" is found in policy.bpf on client side. (no need to mention that these type of exclusion by PMC is not shown in CS GUI settings)

     

    these syntaxes have been tried :

     

    {
    {15:*\\*keygen.exe*}
    }
    {
    {12:*keygen.exe*}
    }
    {
    {10:\\*keygen*}
    }
    {
    {14:\\*keygen.exe*}
    }
    {
    {10:keygen.exe}
    }

     file location can't be defined exactly as every user would download it from server to arbitrary location in hard drive, that's why I can't use a specific location syntax.

     

    by the way, I even excluded filename in process exclusion and of course enabled the feature in advanced mode.

     

    I sent email to request support and still no solution.

     

    Can anyone help me, I really need to handle exclusion for our customers.

     

    Regards

     

     

    EDIT: REMOVED PERSONAL INFO

  • VadVad Posts: 1,039

    Hello Sarshar,

     

    Could you please, provide your support request ID. We'll probably need fsdiag and Scanning Platform debug logs collected on affected host to identify the issue.

    Also, please try:

    *keygen.exe

     

    Best regards,

    Vad

  • Thanks for reply

     

    I tried *keygen.exe, no success.

     

    I sent serial emails to Mr. Knut Vatnetstrom and received some, but no support IDs.

     

    I thought maybe some users found a solution.

     

    Regards,

    [email protected]

     

    EDIT:REMOVED PERSONAL INFO

  • BenBen Posts: 2,640

    Please request the support ticket number from your contact, or proceed to open a support ticket here if none has yet been created.

     

    For privacy reason please avoid  signing your posts using your email address. 

  • Got this error :

     

    The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator.

     

    Couldn't register a support ticket

  • Hello Sarshar ,

     

    We have tried, and managed to open a support ticket successfully using the web form given by Ben earlier.

     

    Please give that a trial again and let us know how it goes.


    Thank you.

     

    Regards,

    CheeHow

  • Thanks, I tried Kudos which doesn't work :)

  • I'm still waiting for solution.
    My ticket number is :
    SR ID: 1-XXXXXXXXX
    Created: 2014-09-04 04:29:25 PM
    Subject: [SR ID:1-XXXXXXXXXX] Re:Filename exclusion in PMC

     

     

  • BenBen Posts: 2,640

    Did you review the information send by the support agent on the 5th?

     

    In order to speed up the resolution, please send an fsdiag in your support ticket so that we can review the implementation of the current exclusions. 

     

     

  • syntax trick didn't work if you mean.

    anything else ?

  • VadVad Posts: 1,039

    Sarshar,

     

    Yes, we are waiting for fsdiag collected on one of your affected hosts.

     

    Best regards,

    Vad

  • It's weird, today I tried to regenerate fsdiag to send to F-Secure, but I wanted to check policies once again before fsdiag generation. suddenly I saw excluded objects in FSCS GUI !!! not exclusion is working on my machine !

    DeepGuard stopped the app but I added SHA1 hash which worked fine and now everything is ok.

    I will check with customer to see if they still have problem or not.

    Did you release any product update about it ? hot fixes or patches ?

    How come the issue gone without any changes ?!?!

     

    Anyhow many thanks for your support, i will be testing on the other policy domains as well.

     

    Regards

  • VadVad Posts: 1,039

    No, we didn't release any updates, fixes or patches. Probably, previously your host didn't receive the policies with exclusions from PM. And today it finally got them.

     

    Best regards,

    Vad

  • Dear Vad, previously policies were received as they could be found in policy.pbf but they weren't shown in Client Security exclusion objects. there should be a problem about CS and policy.pbf relation not PM -> CS relation.
This discussion has been closed.