Folder redirection issue

Hi,

 

Product FS WS 11.5

 

Related to :

http://community.f-secure.com/t5/End-point/folder-re-directs/td-p/17964

 

I have a similar issue with folder redirection.

If a spyware is detected in the download directory, FS (11.5) throw it to quarantine but the file located locally is not. Thus I get emails alerts because (I guess) FS wan't remove or place the local file in quarantine.

 

Is the exclusion a good solution for this issue ?

The article mentionned in the previuos thread is not reachable :  http://www.f-secure.com/de/web/business_de/support/article/kba/15193/k/wildcard/p/1

 

Thanks for your support

Regards

 

 

 

Answers

  • Hi RPE,

     

    Here is the link you were looking for:

     

    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    Exlusion make sense if the folder you are scanning is hosted on a remote server. It makes more sense to have the remote server then scan the folders locally as it will consume less time and resources. Even more if you have several workstations trying to remotely scan a folder hosted on a server.

     

    Regards,

  • VadVad Posts: 1,039

    Hello RPE,

     

    Here is a working link to the article:

    http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

     

    Best regards,

    Vad

     

  • RPERPE Posts: 4

    Hi,

    thank you for the link.

     

    Exlusion make sense if the folder you are scanning is hosted on a remote server. It makes more sense to have the remote server then scan the folders locally as it will consume less time and resources. Even more if you have several workstations trying to remotely scan a folder hosted on a server.

     

     

    This is not quite the case.

    Folders (doc&settings, desktop..) are redirecting and hosted on a NetApp vFiler (NAS).

    Local machine executes F-Secure WS.

    The problem is not ressource consomption but quarantine/deletion file on the hosted folder that is not feeded back to the local Windows folder used for synchronisation cache (%systemroot%\CSC).

    Even if the file on the hosted folder is clean, the cache folder continues to be scanned and causes alerts because spyware/virus file is still present in the cache.

     

    Fortunatly we don't have alerts every day, but each times it occurs, it's a mess for cleaning this :

    -we tried to force synchronisation with no effect,

    - we tried to reset CSC database but this causes a bad reset of folder redirection's localization and a new synchronisation may takes a lot time

    - We tried to clean directly  %systemroot%\CSC and subfolders. It works but we have to affect folders rights to admin to be able to reach right folder and to delete the file.

     

    Exclusion of  %systemroot%\CSC could be the best way to solve this but what about mobile workstations (laptops) that synchronizes maybe 1 time per week?

    If I exclude %systemroot%\CSC and copy a virus file on Desktop in disconnected mode, will F-Secure scan and detect the virus?

     

    What is the best strategy according to you?

     

    Regards,

  • If a laptop is protected by F-Secure, the malware is likely to be detected before it is placed on the Desktop. However, assuming for some reason the malware is not detected at that time and copied over to the NAS, then what you could do is have a dedicated scheduled scan set to scan the NAS from another host regularly. Then that will remove any malware which might have made it thru.

    Regards,
This discussion has been closed.