Thanks for pointing me that it need a full path for exclusions. Not only ERA allow to enter only something like "*.log". ESET Endpoint Antivirus will allos this action too. If i remove the lock in ERA so i can set the Files & Folders Exclusion on a single PC, it won't give me any warning and accept *.log.
But Allowing Win32/Softcnapp.l at large is not really an option. Softcnapp.l is a plague showing Ad's. Maybe it's a false positive, because i've never seen any Ad's from Clover. I've scanned the file with VirusTotal. Except 1 trustable Firewall (Fortinet), all the reports come from "obscure antivirus" that i've never heard about. All the big players in the AV industry show it as clean.
I've tried what you suggested anyway, but it kept deleting the file. The setup look ok to me.
I've tried few others things:
Since you said that i need to provide a full path, i've decided to include the source of the file like \\ourserver\programs\clover\setup_clover@3.4.3.exe, but it deleted the file when i've tried to copy it locally.
I've tried to add this exclusion: v:\temp\setup_clover@3.4.3.exe, and it worked. But that mean that i've to know exactly Where the user expect to copy the file on his computer, which doesn't make sense at all.
I've tried this exclusion: v:\*\Setup_Clover@3.4.3.exe and V:\*\Setup_Clover*.exe, both are working... file not deleted. I could potentially decided to create exclusions for C: and D: But i see so many cases where it wouldn't work (file picked from another source for example).
i'll try to find where i can submit clover for another examination. There was a well known false positive in version older than 3.3.8 but its been fixed