I am running Policy Manager 10.01 on a Windows Server 2003 SP2 machine. I have a specific .exe file that keeps getting quarantined. Under Settings for Root > Real-Time Protection > Scanning Options > File Scanning > Inclusions and Exclusions > Excluded Objects, I have listed C:\Folder\File.exe. My understanding is if the .exe file is listed here it should not be scanned and thus be ok. Every time I re-enable F-Secure on the server I see event log errors stating that the suspected file has been quarantined due to Malicious Code. I know this file is not infected. This is causing major headaches as my users can't run this program when F-Secure is turned on.
Any ideas how to stop this? Am I doing something wrong?
And welcome to the F-Secure Community!
As the exclusion can be configured both locally and in Policy Manager Console (PMC), you need to lock the relevant setting in Policy Manager Console to ensure the setting is properly applied on the workstations and/or servers.
Relevant settings in Policy Manager (Advanced Mode):
F-Secure anti-virus > Settings > Settings for real-time protection > Scanning options > File scanning > Inclusions and exclusions
Excluded objects enabled -> change to Enabled
Excluded objects -> the excluded files and folders go here, e.g. c:\folder\file.exe
For the first setting, click the "Lock" symbol and for the second table, select the option "Disallow user changes" to ensure a locally configured setting is indeed overwritten.
Please also submit a sample of the problematic file to allow us to address the false positive detection. You can submit a sample here.
Hope this helps!
Thank you for your assistance. The lock is "locked" for 'Enabled' on Excluded Objects Enabled. Also on the Excluded Objects the 'disallow user changes' is checked off. I have submitted the file 'false positive' test.
In case the value was not configured at the host level in Policy Manager, you also need to click the "Force value" and "Force table" settings to ensure the setting is propagated properly. Otherwise, settings configured at a lower level in the policy domain structure are not replaced with the new setting. Alternatively, configure the setting at host level.
If this is not the issue, suggest creating a support ticket to investigate this issue further. Please provide the fsdiag.tar.gz file with your request. For additional information, check here and here.