Folder redirection issue

RPE
Scholar

Folder redirection issue

Hi,

 

Product FS WS 11.5

 

Related to :

http://community.f-secure.com/t5/End-point/folder-re-directs/td-p/17964

 

I have a similar issue with folder redirection.

If a spyware is detected in the download directory, FS (11.5) throw it to quarantine but the file located locally is not. Thus I get emails alerts because (I guess) FS wan't remove or place the local file in quarantine.

 

Is the exclusion a good solution for this issue ?

The article mentionned in the previuos thread is not reachable :  http://www.f-secure.com/de/web/business_de/support/article/kba/15193/k/wildcard/p/1

 

Thanks for your support

Regards

 

 

 

Tags (1)
4 REPLIES 4
Highlighted
F-Secure

Re: Folder redirection issue

Hi RPE,

 

Here is the link you were looking for:

 

http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

 

Exlusion make sense if the folder you are scanning is hosted on a remote server. It makes more sense to have the remote server then scan the folders locally as it will consume less time and resources. Even more if you have several workstations trying to remotely scan a folder hosted on a server.

 

Regards,

F-Secure
F-Secure

Re: Folder redirection issue

Hello RPE,

 

Here is a working link to the article:

http://community.f-secure.com/t5/End-point/Using-wildcards-in-exclusions/ta-p/20428

 

Best regards,

Vad

 

RPE
Scholar

Re: Folder redirection issue

Hi,

thank you for the link.

 

Exlusion make sense if the folder you are scanning is hosted on a remote server. It makes more sense to have the remote server then scan the folders locally as it will consume less time and resources. Even more if you have several workstations trying to remotely scan a folder hosted on a server.

 

 

This is not quite the case.

Folders (doc&settings, desktop..) are redirecting and hosted on a NetApp vFiler (NAS).

Local machine executes F-Secure WS.

The problem is not ressource consomption but quarantine/deletion file on the hosted folder that is not feeded back to the local Windows folder used for synchronisation cache (%systemroot%\CSC).

Even if the file on the hosted folder is clean, the cache folder continues to be scanned and causes alerts because spyware/virus file is still present in the cache.

 

Fortunatly we don't have alerts every day, but each times it occurs, it's a mess for cleaning this :

-we tried to force synchronisation with no effect,

- we tried to reset CSC database but this causes a bad reset of folder redirection's localization and a new synchronisation may takes a lot time

- We tried to clean directly  %systemroot%\CSC and subfolders. It works but we have to affect folders rights to admin to be able to reach right folder and to delete the file.

 

Exclusion of  %systemroot%\CSC could be the best way to solve this but what about mobile workstations (laptops) that synchronizes maybe 1 time per week?

If I exclude %systemroot%\CSC and copy a virus file on Desktop in disconnected mode, will F-Secure scan and detect the virus?

 

What is the best strategy according to you?

 

Regards,

F-Secure

Re: Folder redirection issue

If a laptop is protected by F-Secure, the malware is likely to be detected before it is placed on the Desktop. However, assuming for some reason the malware is not detected at that time and copied over to the NAS, then what you could do is have a dedicated scheduled scan set to scan the NAS from another host regularly. Then that will remove any malware which might have made it thru.

Regards,