Jump to content

Archived

This topic is now archived and is closed to further replies.

BreathTaken

Greyed out exclude signature option

Recommended Posts

I have been unsuccessful when trying to exclude this program from detected threats. It's a well known packet analysis and manipulation tool and does not pose any threat what-so-ever by me choosing to run it.

First, it would only present a notification in the lower right hand screen, indicating it removed the file automatically.. From there I had to go into Advanced Setup >> Real-time file system protection >> Threatsense Parameters >> and change Cleaning Level to "No cleaning".. Now I get prompted with the following when I attempt to run:

image.png.0887f9a5f7ea82b6e3dec1f95699813c.png

Even when I click "Ignore threat" I cannot run the application as this window pops up every time I attempt to do so!

 

Disabling Real-time file system protection is not an option I am willing to consider. I should be able to exclude a threat, no matter the circumstance. I have attempted the listed exclusions with @NAME but that only works for potentially unsafe/unacceptable and does not appear to work on this threat. I have also attempted to utilize Process Exclusions however that does not appear to work either. My guess is that this is considered a "more serious" type of threat and ESET does not allow for excluding this? If that is correct please clarify for me. It would leave me utterly disappointed in ESET for leaving such a gap in features but at least I wouldn't feel like I'm going crazy here trying to work this damn exclusion list! :|

Share this post


Link to post
Share on other sites

Refer to the below screen shot.

Via Eset GUI, do the following:

1. Click on Setup.

2. Click on Advanced Setup.

3. Click on Edit as shown in the screen shot.

4. Click on the Add tab and enter the full path name of the executable you wish to exclude. Or alternatively, click on the "....." symbol to search for the program and have Eset add it for you.

5. Click on the OK tab on that screen and every screen thereafter to save your exclusion.

Eset_Exclusions.thumb.png.82603a554daf5a32776c8462d329e910.png

 

 

Share this post


Link to post
Share on other sites
1 hour ago, BreathTaken said:

 

Disabling Real-time file system protection is not an option I am willing to consider. I should be able to exclude a threat, no matter the circumstance. I have attempted the listed exclusions with @NAME but that only works for potentially unsafe/unacceptable and does not appear to work on this threat. I have also attempted to utilize Process Exclusions however that does not appear to work either. My guess is that this is considered a "more serious" type of threat and ESET does not allow for excluding this? If that is correct please clarify for me. It would leave me utterly disappointed in ESET for leaving such a gap in features but at least I wouldn't feel like I'm going crazy here trying to work this damn exclusion list! 😐

Tried that already, any other ideas?

Share this post


Link to post
Share on other sites

Please post a screen shot of the file exclusion details as well as the appropriate record from the Detection log.

Share this post


Link to post
Share on other sites
18 hours ago, BreathTaken said:

Tried that already, any other ideas?

Via Advanced Setup option, click on Detection Engine and add the .exe exclusion there. If that doesn't work, do the following.

Via Setup tab, click on the gear symbol to the right of "Real-time file system protection. Click on "Edit exclusions." Refer to this Eset online help article on how to proceed further: https://help.eset.com/eis/12/en-US/idh_config_amon.html?idh_config_exclude.html .  

If neither of the above works, it is not Eset's real-time protection that is blocking the app but another Eset protection area. Do as @Marcos previously instructed.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...