Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 10288 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User %temp% folder exclusion

capman

Hi All,

Scenerio: We are running software that cannot be scanned by anti-virus. It resides in the users %temp%/gss folder.

I know Sophos doesn't allow shortcuts in the path, ie %temp%. (Symantec does...) ;)  anyways...  

So... I have went to the client and inserted the full path c:\DOCUME~1\LOCAL~1\etc\etc\%temp%\gss and it works. But wait. When I go back to the Enterprise Console, it states that the computer is using a different policy and is flagged. 

I DO NOT want to see every computer flagged. The only way I went around this was to create a policy for every user. Surely there is a better way to do this! 

Any help would be great! 

Thank you,

:37537


This thread was automatically locked due to age.
  • 0

    Hello capman,

    software that cannot be scanned

    while there are scenarios where scanning has an adverse effect this is often caused by "unfortunate" design. Furthermore running from a local location isn't best practice. Anyway, there's probably not much you can do about it short-term. BTW: Do I understand correctly that it runs from a folder named %temp% under the user's %TEMP% directory - or did you just mistype the full path?

    Now, one way around it would be excluding files (which introduces some additional risk) - while cumbersome it could be done with a general policy. But given the rest of the "design" I fear the application also uses random names.

    Christian

    :37543
  • 0

    Christian,

    I agree about the "unfortunate" design! The software in question is very poorly designed. It is a disaster. Alas, we have to run it. It runs on the server, but it downloads parts of the program to the local user's %temp%/gss folder.

    I think I will just add the 'C:\Users\joeshmo\AppData\Local\Temp\gss' for each user to the policy on the Console. It will be a pain and not clean, but at least I will not have flags on every client.

    I will call Sophos also.

    Thanks,

    Capman

    :37571
  • 0

    Hello Capman,

    so the names of the "parts" are random? Any chance there is a usable pattern? Apart from this - what are the symptoms of cannot be scanned?

    Christian

    :37573
  • 0

    The folder structure as far as the program is concerned stays the same. It will always be %temp%\gss. The random aspect is the user. I have to add an exclusion for every user because the user path itself is unique to the current user.

    :37593
  • 0

    Hello Capman,

    I was thinking of the files under %temp%\gss. If they have more or less unique extensions or names you might be able to exclude them by name/pattern. 

    Christian

    :37605