i just deployed one agent of EP on a server and it's getting too overzealous blocking stuff i dont want blocked marking them as "malware/virus" when they're not [:@]
let's start:
[LIST=1]
- Path exclusion works ok, but when the backup software starts working with VSS the path exclusion is completely ignored!.
for example, on a path i have excluded from access scanning:- Threat: Virus/spyware 'Mal/KeyGen-W' has been detected in " \ \ . \ GLOBALROOT \ Device \ HarddiskVolumeShadowCopy29 \ dir1 \ fir2 \ file
VSS changes path so i can't make an exclusion daily....
or do i make an exclusion for "\.\GLOBALROOT"? - i can't exclude processes!, this is a basic feature of all AV i've been using for years!(for example, to exclude the process and ALL files accesed by it, for exchange services, backup software, etc), monster oversight here... [:S]
- I can't exclude by "malware name" in case where it starts with "mal\***x" as it's not a PUA, in cases where it's not a PUA i could use the hash option but here's the kicker, how can i hash the file when it's blocking access in the 1st place :mad[:(]i'd need to kill EP services, hash it, then having to maintain that list which has at least a dozen files...., an extreme annoyance which outweights having ep installed)
- Why can't i chose if i want "just virus" or "malware+virus" scanning?
- Quarantine doesn't let me whitelist items the only action i have is "clean", WTH [:@]
This thread was automatically locked due to age.
