Jeteroll 5 Posted October 21, 2013 Share Posted October 21, 2013 Hello all. I have an SMB file server in my home running Windows Server 2012 Datacenter (don't ask) and I have the server's location on the network set in my ESS antivirus and spyware exclusions as such: "\\SERVER\*.*" I have that location mapped to a drive, and I have Windows Sync keep the files offline automatically. So I have my mapped drive also set under the exclusions as "Z:/*.*" The problem is every now and then ESS picks up files that it says are located on my server (for example "\\SERVER\blah.exe") that it says were accessed by "C:\Windows\System32\SearchProtocolHost.exe" (which I believe is some windows indexing service) even though I have that specific SearchProtocolHost.exe and the file's location (my server) BOTH in the exclusions. What do I do? P.S. Screenshot attached. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted October 22, 2013 Share Posted October 22, 2013 (edited) You could turn off indexing service, unless thats something you want to keep. When setting up your server you choose between indexing and windows search. You could see if the problem persists using windows search instead ? It states you can only use one or the other during server setup. keep in mind this is just a workaround that im offering to try. Edited October 22, 2013 by Arakasi Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 948 Posted October 22, 2013 ESET Moderators Share Posted October 22, 2013 Hello Jeteroll, just a simple question. What would you like to achieve by setting up the exclusions? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted October 22, 2013 Share Posted October 22, 2013 (edited) Peter, it seems he does not want his network drives scanned, and files are being found locally and a local alert is being triggered in hips or elsewhere due to indexing. So he is setting exclusions for his mapped drive and server so he doesn't get the alerts. My question to you Jeteroll is, Do you search for files on your network drive a lot ? Are there thousands of files you you have to access each day , forcing you to actually enter the file names in the search boxes to locate ? If not, you could just disable windows search or indexing service, which ever you are using. Because you dont need it. You could also login to that server and right click the data drives and uncheck option for index this drive etc. By adding SearchProtocolHost.exe to your exclusion list you are only telling Eset the file is safe and not to flag it as a threat. I dont think it will stop the index service or windows search from looking at your files hosted on another server if that option is set on the drive/s. By design nod32 watches everything you and your system does, especially with the new HIPS modules. So you could disable hips, or disable indexing/win search. I am also only speculating, and would like to hear a moderators thoughts on this. Excluding a network drive all together.... Can you enter IP's into the exclusion list ? Example : \\192.168.1.20\c$\Folder1\*.* Edited October 22, 2013 by Arakasi Link to comment Share on other sites More sharing options...
Arakasi 549 Posted October 22, 2013 Share Posted October 22, 2013 (edited) ESET gui froze on non-existant network location. We should have a msgbox or something with error instead of an app gui crash ? After a few moments it corrected itself. Entering my local private ip with c drive was added to my exclusion list successfully .... Jeteroll you could try setting a static ip on your server and adding the exclusion that way ! Edited October 22, 2013 by Arakasi Link to comment Share on other sites More sharing options...
Recommended Posts