ESET antivirus no longer recognizes exclusion list

blackbird7 · January 28, 2018

I am currently running ESET Internet Security 11.0.159.0, and I have two file exclusions that previously prevented ESET from removing them. However, they are no longer being excluded from my computer scans. Whenever I open an application that uses the excluded file, it is quarantined. No matter how many times I right click "restore and exclude ...", it is detected and removed again. Any thoughts as to what I can do? Should I try a fresh reinstall of ESET?

Marcos · January 28, 2018

Please provide:

- a screen shot of your exclusion list
- a complete record of the detection from the Detected threats log

blackbird7 · January 28, 2018

Hi Marcos,

I decided to just reinstall ESET, and I no longer experience this issue. Thank you.

0xDEADBEEF · January 30, 2018

On ‎01‎/‎28‎/‎2018 at 2:21 PM, Marcos said:

Please provide:

- a screen shot of your exclusion list
- a complete record of the detection from the Detected threats log

I can confirm this issue on version 11.0.159.0 EIS

if you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work

if you only specify the path (enable "exclude all threats"), the exclusion will work

Edited January 30, 2018 by 0xDEADBEEF

Marcos · January 30, 2018

3 hours ago, 0xDEADBEEF said:

if you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work
if you only specify the path (enable "exclude all threats"), the exclusion will work

Please provide a screen shot of the exclusion list. Is the detection name prepended with "@NAME="? You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for pot. unwanted and unsafe applications, not for malware detections.

0xDEADBEEF · January 30, 2018

6 hours ago, Marcos said:

Please provide a screen shot of the exclusion list. Is the detection name prepended with "@NAME="? You can also try excluding a potentially unwanted or unsafe application right from the yellow alert window upon detection. Also note that this only works for pot. unwanted and unsafe applications, not for malware detections.

well, the entry shown in the attached screenshot is the one created by the yellow alert window. But I still get yellow prompt after adding this exclusion

E7ak9fIEfB · January 30, 2018

Signed up just to confirm that I face the exact same issue as described by 0xDEADBEEF

21 hours ago, 0xDEADBEEF said:

if you specify both the path and threat type (like the one auto-generated by selecting exclude threat in the threat prompt), the exclusion will not work

if you only specify the path (enable "exclude all threats"), the exclusion will work

Exactly this. This problem only showed up recently

Edit: I too, am running an upgraded ESET instead of one that was freshly installed.

Edited January 31, 2018 by E7ak9fIEfB
More information added.

Marcos · January 30, 2018

3 hours ago, 0xDEADBEEF said:

well, the entry shown in the attached screenshot is the one created by the yellow alert window. But I still get yellow prompt after adding this exclusion

Please provide a complete record from the Detected threats log. Is the file detected upon an attempt to launch it or when copying it to the same location? I was unable to reproduce it.

0xDEADBEEF · January 30, 2018

1 hour ago, Marcos said:

Please provide a complete record from the Detected threats log. Is the file detected upon an attempt to launch it or when copying it to the same location? I was unable to reproduce it.

OK so I successfully reproduce it on another machine running the same EIS version on same type of system (Windows 10 x64).

My steps:

1) disable EIS and download bitcomet installer from official website

2) enable EIS protection, copy the installer to some path (in my case, D:\c\bitcomet_setup.exe)

This will trigger ESET yellow prompt

3) select "Exclude from Detection" and click ignore

A rule is confirmed to be added to the exclusion list with correct path

4) simply right click the file again, the yellow prompt shows again

Detection log:

Quote

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
01/30/2018 1:37:13 PM;Real-time file system protection;file;D:\c\bitcomet_setup.exe;Win32/InstallCore.Gen.A potentially unwanted application;cleaned by deleting;Machine\User;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (1C975DFA73F8C9389975A2ECE34AD74B165DD1C6).;6BDFD84B166038D76E5C5ECAF0A1AB5F8D6B4EFE;01/30/2018 1:35:49 PM

The similarity of the two machines I reproduced the issue is that they both run ESET upgraded from a previous v11 version, instead of a fresh install. As indicated by the original author of this thread, he/she got rid of this issue after a fresh reinstall. So perhaps this is a factor you need to consider.

Edited January 30, 2018 by 0xDEADBEEF

Marcos · January 31, 2018

Please check the attached video and find out what you did differently.

exclusion.rar

0xDEADBEEF · January 31, 2018

4 hours ago, Marcos said:

Please check the attached video and find out what you did differently.

exclusion.rar

The only difference is I selected "Exclude from detection" while the video has "Exclude signature from detection" selected

Selecting "Exclude from detection" will add a rule specifying both the path and the threat type, while selection "Exclude signature from detection" specifies the threat type only.

If I select "Exclude signature from detection", the exclusion works

I also tried to modify the working rule generated by selecting "Exclude signature from detection". I tried to modify the path wildcard "*" into a specific path like "D:\*" and the exclusion no longer works.

Generally I feel like the exclusion will work if you specify either the path or the threat type, but will not work if you specify both. Let me know if you need more information.

Marcos · February 1, 2018

This turned out to be a known issue which was fixed in December and a fix will be included in v11.1 which is going to be released soon.

Fil · March 5, 2018

@0xDEADBEEF thanks a lot. I was getting sooo frustrated by new v11 version (11.0.159.9 as of now) as since I upgraded from v10 exclusions wasn't working 95% of times. I thought they just decided to ignore user request for exclusion if it is coin miner...When I checked exclusion list in settings there were multiple entries for the same file.

What fixed it, was to edit existing rule and remove threat type as you said. Thanks.

@Marcos what exactly soon means? we are plus one month...

EDIT: also why some threats cannot be excluded? Just found some Trojan threat (red window) and exclude options are greyed out. What are you trying to do? Prevent us to use our computers the way we want?

Edited March 5, 2018 by Fil

Sign In

ESET antivirus no longer recognizes exclusion list

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics