Jump to content

Problem With Exclusions on a File Server


Recommended Posts

Hello all. I have an SMB file server in my home running Windows Server 2012 Datacenter (don't ask) and I have the server's location on the network set in my ESS antivirus and spyware exclusions as such: "\\SERVER\*.*" I have that location mapped to a drive, and I have Windows Sync keep the files offline automatically. So I have my mapped drive also set under the exclusions as "Z:/*.*" The problem is every now and then ESS picks up files that it says are located on my server (for example "\\SERVER\blah.exe") that it says were accessed by "C:\Windows\System32\SearchProtocolHost.exe" (which I believe is some windows indexing service) even though I have that specific SearchProtocolHost.exe and the file's location (my server) BOTH in the exclusions. What do I do?

 

P.S. Screenshot attached.

post-901-0-59556300-1382394573_thumb.png

Link to comment
Share on other sites

You could turn off indexing service, unless thats something you want to keep.

When setting up your server you choose between indexing and windows search.

You could see if the problem persists using windows search instead ?

It states you can only use one or the other during server setup.

 

keep in mind this is just a workaround that im offering to try.

Edited by Arakasi
Link to comment
Share on other sites

Peter, it seems he does not want his network drives scanned, and files are being found locally and a local alert is being triggered in hips or elsewhere due to indexing.

So he is setting exclusions for his mapped drive and server so he doesn't get the alerts.

 

My question to you Jeteroll is, Do you search for files on your network drive a lot ? Are there thousands of files you you have to access each day , forcing you to actually enter the file names in the search boxes to locate ?

 

If not, you could just disable windows search or indexing service, which ever you are using. Because you dont need it.

You could also login to that server and right click the data drives and uncheck option for index this drive etc.

 

By adding SearchProtocolHost.exe to your exclusion list you are only telling Eset the file is safe and not to flag it as a threat. I dont think it will stop the index service or windows search from looking at your files hosted on another server if that option is set on the drive/s.

 

By design nod32 watches everything you and your system does, especially with the new HIPS modules.

So you could disable hips, or disable indexing/win search.

 

I am also only speculating, and would like to hear a moderators thoughts on this.

 

Excluding a network drive all together....

Can you enter IP's into the exclusion list ? Example :

 \\192.168.1.20\c$\Folder1\*.*

Edited by Arakasi
Link to comment
Share on other sites

ESET gui froze on non-existant network location.

We should have a msgbox or something with error instead of an app gui crash ?

 

After a few moments it corrected itself.

 

Entering my local private ip with c drive was added to my exclusion list successfully ....

 

Jeteroll you could try setting a static ip on your server and adding the exclusion that way !

post-1101-0-65855700-1382441523_thumb.jpg

Edited by Arakasi
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...