Jump to content

jdashn

Members
  • Content Count

    84
  • Joined

  • Last visited

Profile Information

  • Location
    USA

Recent Profile Visitors

1,003 profile views
  1. jdashn

    Exclude file type from all scanning

    1. Without a doubt! It would quite a bad job move to exclude *.doc files from scanning, typically i'd like to have zero exclusions, but some business critical software that we use does require exclusions, Citrix for instance has what i listed above just for one server type in their ecosystem. Several of our other products require various other db files or file types to be excluded from scanning on their servers, or even on the desktops. 2. Awesome, i was a little confused and was worried i was missing something, thanks for clarifying! 3. The files listed are put forth as files that cannot be scanned during the provisioning process in a citrix environment per Citrix. Additionally we do have several other pieces of software that also recommend that certain file types are excluded from scanning odd db files and other file types used by EHRs or Claims management software or HR systems. I'm not really going to be able to override the documentation they've provided - but i can say we did experience widespread oddities only in our production environment before these were in place, that we do not experience after (This though was only for our prod environment, under load - we were unable to replicate in test environments with few users, i can't replicate so i can't say it was eset for sure or not). So my concern is not if i should enter the exclusions as required by vendors, but how is the best way to ensure that files i'm directed to not allow scanning on, dont get scanned. I enter once for realtime, then once for on-demand scan, then for idle-state scan, then for startup scan (to be a bit more exact in what i'm talking about, when i say multiple places ). So that means that someone has to remember to hit all 4 of those spots, to enter the same information. i'm not trying to say ESET is bad or anything, i'm just trying to figure out if i'm seeing this wrong or if there is something i'm missing here? Or if there might be a way to keep from duplicating work? Thanks a ton for looking at this! Jason
  2. jdashn

    Exclude file type from all scanning

    Sorry i've been away from this thread! Thanks for this, but when you actually try to enter in a file type *.doc for example, in ESMC under File Exclusions you get an error. To exclude a file type it seems you need to go to the threatsense area for each scan type (Realtime, Malware, ( and each cleaning mode too?)) to exclude them in an ESMC policy. Infact i believe in v6 Console you could specify *.doc in the File/folder area, though i'm unsure now if it was working, or if there was just no error thrown to prevent me. 1 this is not for cleaning mode. This is asking why i've got to setup the file type exclusions separately from file exclusions and why i can't use a * in the middle of a path. It appears that for a citrix environment (in this one example, we have a few other Pieces Of Software that require some sort of file type exclusion) a provisioning server needs the following file types to be not scanned at all: *.vhd *.avhd *.vhdx *.avhdx *.pvp *.lok In order to achieve that it seems I would have to exclude them from realtime scanning, and specific scans like malware scans and what not (instead of the 1 spot i can exclude a Spesific file/folder hash or threat). I'm wondering if there is a single spot to enter so i don't have to enter it in multiple places. Generally we only use Strict cleaning. 2 I'm not sure this matters (as i use ESMC to manage these servers) but these particular machines aren't rebuilt daily, but some others with file type exclusions are. Realistically i'm just looking to see if there would be an easier way to setup an exclusion based on file type, instead of having to remember each spot that has a filetype exclusion parameter when we get a new piece of software or a software requirements are changed. This would reduce the possibility of human error, missing an exclusion, or forgetting to remove them in a spot when changes to these policies (or their initial creation) need to happen. As i said, maybe there is something i'm missing, or i'm not explaining this properly? Thanks a ton as always !!! Jdashn
  3. jdashn

    Exclude file type from all scanning

    Instead of editing a 3rd time with another question to add, i'll just add another question here: When excluding a file where one of the folders is unknown: C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Citrix\SubscriptionsStore\*\PersistentDictionary.edb This seems to be not possible with eset at all? Is there another notation i should be trying? I've seen some suggestion that \\ would work but would like to KNOW for sure before telling others this is in place and 'working'. Thanks as always!! Jdashn
  4. It appears (and i could be wrong) that the only way i can exclude a file type ( .vhd for example) would be to enter that in under the Threatsense Parameters for Each scan type? Is there a way i can enter the file type under path like *.vhd or something? Does the setting for real-time protection also count for malware scans and the others? Is there a list of all the places i've got to add these extensions to be sure they're not scanned? it seems kind of goofy to have the file type exclusions in a different spot, and to have to enter it in multiple places when there is a single spot to exclude files, hashes, and threats. Is this really the only way? Out of curiosity, is there a reason i'm not seeing for this to be this way? Thanks, Jdashn
  5. jdashn

    Web Control Logs

    Have you tried disabling the xbox service on the device it's self then the traffic does not happen, and no need to try to get eset to ignore/not log it?
  6. @MichalJ Any chance you were able to get a release date? Thanks!! Jdashn
  7. @MichalJ I had thought I had seen a post stating that the next version of ERA was planned to be fully cloud based. This will not work for our org. due to the issues I had mentioned, as long as ESET does not plan on ONLY offering ERA in the cloud then we've got no concerns. Thanks! Jdashn
  8. Description: ERA Accessible without internet access. Detail: Would like to ensure that the newest versions of ERA will still allow a locally installed product that would not become unusable if internet access were lost. If our internet provider were having issues i would still like to be able to manage ESET products within our local network, receive threat notices, manage connected devices, etc.
×