" on access" process exlcusions

Hello danpalmer,

I'm not sure I correctly understand what you want to achieve? Do you want the process (i.e. the executable) being exempt from scanning or the files accessed by the process?

Christian

i want to exclude the .exe (there are a few as it's exchange 2010) read/writes being scanned.

i am just concerned adding the .exe into the exclusions as "file" may only exclude file itself and not the process.

thanks.

I see - indeed an exclusion applies just to the file (and a warning, BTW: It applies to all files with the same name regardless of their location).

So this is about on-access scanning on an Exchange server? Any particular problem you want to solve or do you want to implement the File-Level Antivirus Scanning on Exchange 2010 recommendations? To be honest, I don't get what they mean by the Process Exclusions ... As suggested in the comments you should consider an "Exchange aware" product.

Or did I misunderstand you?

Christian

indeed the ms recommendations are what we are looking to implement.

having come from a mcafee background this was easy to apply.

i am surprised it can't be done.

Hello Dan,

I assumed something like this. Ascribe it to different paradigms or "cultures" - different vendors have different views.

You can do it with Sophos in case you desperately need it (see: Re: How to exclude a process? - but I want to emphasize Jak's warning). Perhaps slightly exaggerated - you might be better off just disabling on-access scanning. The serious alternative - as said - is AV specifically for Exchange (PureMessage for Exchange might be already included in your license).

Christian