Jump to content

Misza

Members
  • Posts

    13
  • Joined

  • Last visited

Posts posted by Misza

  1. But Detection exclusions can only be set once the detection occurs, correct? And these can only be set per endpoint on which the detection occurred. My aim is to prevent from these detections to happen on multiple endpoints. so the application installation/upgrade proceeds without any interruptions, and notifications on user side.

  2. @Marcos Thank you for your reply, am I correct in saying that Performance Exclusions can be set to prevent ESET from scanning a given path, and no detections should occur from a folder set in the Performance Exclusion Policy.
    So for example if I set C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*  path in the exclusion policy no detections should occur in that folder and its subfolders, correct? 
    Using https://help.eset.com/protect_cloud/en-US/create_exclusion.html as a reference.

  3. Hi Marcos,

    that is somewhat correct, more precisely I don't want any detections to be triggered on files in a certain folder.

    So this folder is completely whitelisted, and skipped by the detections module completely.

    There is a bit of software that uses this folder and whenever it receives an update this triggers the detection engine.

    Each time an update is received its unpacked to this folder, the hash and file name differ each time a new update is unpacked in that folder. so I cant really exclude it by name or hash. Therefore was looking how to whitelist the whole folder.

    Detections are triggered with a cause:

    Win32/RiskWare.nameofprogram 

    or with 

    Suspicious

    Hope this makes sense, I can provide more info if needed.

    * edited some typos

  4. just to shed a bit more light on it. This is what the end user sees after I run an update task on the outdated Endpoint AV from that particular endpoints menu and tick the "Automatically reboot when needed" tickbox.

    After task completes the enduser is presented with the above notification. My question is if that reboot delay can be extended further, and instead of 30s end user has maybe 5 minutes before the reboot is performed?

×
×
  • Create New...