Excluding directory

Hi,

I am trying to exclude a directory but am having difficulty.  I’m sure I am just missing something obvious.  The client is Windows 8.1 running Client Security 11.61.  It is continually logging this:

 

Malicious code found in file D:\Directory\Dropbox\.dropbox.cache\~caaddc6b.tmp.
Infection: Backdoor.Generic.746225
Action: The file was deleted.

 

In the policy manager in ‘Advanced Mode’, Policy tab, under F-Secure Antivirus 9.51, Settings, Settings for Real-Time Protection, File Scanning, Inclusions and Exclusions, Excluded Objects, I have the following:

 

*\\.dropbox.cache\\*
*\\HarddiskVolume*\\Directory\\Dropbox\\.dropbox.cache\\*

 

However, when I click on the Status tab I don’t see anything for excluded objects.  As far as I can tell the host has the latest policy.  I did a ‘fsmautil.exe poll’ on the hosts and got an OK reply.  I also verified on the policy manager (using Anti-virus mode view) and for ‘policy in use’ it says latest.

 

I have looked at the following but don't see what I might be doing wrong:

http://community.f-secure.com/t5/Business/Exclusion-of-directories-using/m-p/5545

http://community.f-secure.com/t5/Business/Using-wildcards-in-exclusions/ta-p/20428

 

Any help would be greatly appreciated.

 

Thanks,

Brad

Comments

  • Vad Posts: 1,067 F-Secure Employee

    Hello chef,

     

    To make sure that your client has the exact setting in its policy, you can use the polutil.exe tool from the F-Secure\common folder.

    For example, a full policy dump in the file policy.txt can be created using the following command:

    polutil.exe dump policy.txt

     

    If you still have a problem with exclusions, please contact support. We'll need support tool information collected from the affected host for further analysis.

     

    Best regards,

    Vad

  • chef Posts: 3

    Hi Vad,

     

    I can see this in the output of polutil.exe dump policy.txt

     

    "1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","0","*\\\\.dropbox.cache\\\\*"
    "1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","2","*\\\\HarddiskVolume*\\\\Directory\\\\Dropbox\\\\.dropbox.cache\\\\*"

     

    So it looks like it has the latest policy.  Could the problem be that the files begin with a ~?  I am trying to exclude the whole directory.
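
Added example (not part of the thread and not F-Secure code): a check that the exclusions typed into Policy Manager appear in a host's `polutil.exe dump` output, run here on the two rows quoted above. The meaning of the OID and of the fifth column, and the backslash doubling in the dump, are assumptions inferred from those rows; the function names are hypothetical.

```python
import csv
import sys

# OID of the rows quoted in the thread; assumed to be the real-time
# scanning "Excluded Objects" table, as the thread implies.
EXCLUDED_OBJECTS_OID = "1.3.6.1.4.1.2213.12.1.111.2.100.100.50"

# Constructed sample: the two rows from the thread plus one made-up
# unrelated row (its OID and value are placeholders).
SAMPLE_DUMP = r'''
"1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","0","*\\\\.dropbox.cache\\\\*"
"1.3.6.1.4.1.2213.12.1.111.2.100.100.50","base","row","no","2","*\\\\HarddiskVolume*\\\\Directory\\\\Dropbox\\\\.dropbox.cache\\\\*"
"0.0.0.0","base","row","no","0","placeholder"
'''


def dumped_exclusions(dump_text, oid=EXCLUDED_OBJECTS_OID):
    """Return {fifth-column value: exclusion as typed in Policy Manager}."""
    found = {}
    lines = (line.strip() for line in dump_text.splitlines())
    for row in csv.reader(lines):
        if len(row) < 6 or row[0] != oid:
            continue  # blank line, short row, or a different setting
        # Assumption: the dump doubles every backslash of the stored value
        # (the thread shows \\ in the console and \\\\ in the dump).
        found[row[4]] = row[5].replace("\\\\", "\\")
    return found


def missing_on_host(expected, dump_text):
    """Exclusions entered in the console that are absent from the dump."""
    present = set(dumped_exclusions(dump_text).values())
    return [pattern for pattern in expected if pattern not in present]


if __name__ == "__main__":
    # Usage: script.py policy.txt "<pattern>" ["<pattern>" ...]
    if len(sys.argv) > 2:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        wanted = sys.argv[2:]
    else:
        text = SAMPLE_DUMP
        wanted = [r"*\\.dropbox.cache\\*"]
    gaps = missing_on_host(wanted, text)
    print("missing from host policy:", gaps if gaps else "none")
```

An empty result shows only that the policy rows reached the host, not that the scanner matches files against them.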

     

     

  • etomcat Posts: 1,319 Superuser

    Hello,

     

    Submit a file to F-Secure Virus Lab, so they can fix the scanning logic which causes the false alarm (if it is indeed a false alarm). Exclusions are only a band aid.

     

    Best regards: Tamas Feher, Hungary.

  • Peter-Fl Posts: 1

    I'm sorry to say, but I don't like this solution.

     

    I have the same issue and tested it with two folder exclusions.

     

     

    After excluding them (also seen in the web console), my eicar.com file is still deleted after placing it there.

     

    I want to be sure that it will exclude my SQL databases, group policy files, etc.

    You can call it a band aid, but why does MS advise excluding some files and folders then?

     

    I came from an AV where this worked flawlessly, so I don't know why this is an issue for this AV software, and I have to trust all settings I made. I have more than 700 clients (and license) to support, so it has to work correctly.

    ghostdog
  • Vad Posts: 1,067 F-Secure Employee

    Hello Peter-Fl,

     

    Please contact support. We need more information to investigate your issue.

     

    Best regards,

    Vad

This discussion has been closed.