BreathTaken 0 Posted July 13, 2019 Share Posted July 13, 2019 I have been unsuccessful when trying to exclude this program from detected threats. It's a well known packet analysis and manipulation tool and does not pose any threat what-so-ever by me choosing to run it. First, it would only present a notification in the lower right hand screen, indicating it removed the file automatically.. From there I had to go into Advanced Setup >> Real-time file system protection >> Threatsense Parameters >> and change Cleaning Level to "No cleaning".. Now I get prompted with the following when I attempt to run: Even when I click "Ignore threat" I cannot run the application as this window pops up every time I attempt to do so! Disabling Real-time file system protection is not an option I am willing to consider. I should be able to exclude a threat, no matter the circumstance. I have attempted the listed exclusions with @NAME but that only works for potentially unsafe/unacceptable and does not appear to work on this threat. I have also attempted to utilize Process Exclusions however that does not appear to work either. My guess is that this is considered a "more serious" type of threat and ESET does not allow for excluding this? If that is correct please clarify for me. It would leave me utterly disappointed in ESET for leaving such a gap in features but at least I wouldn't feel like I'm going crazy here trying to work this damn exclusion list! :| Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 13, 2019 Share Posted July 13, 2019 Refer to the below screen shot. Via Eset GUI, do the following: 1. Click on Setup. 2. Click on Advanced Setup. 3. Click on Edit as shown in the screen shot. 4. Click on the Add tab and enter the full path name of the executable you wish to exclude. Or alternatively, click on the "....." symbol to search for the program and have Eset add it for you. 5. Click on the OK tab on that screen and every screen thereafter to save your exclusion. Link to comment Share on other sites More sharing options...
BreathTaken 0 Posted July 13, 2019 Author Share Posted July 13, 2019 1 hour ago, BreathTaken said: Disabling Real-time file system protection is not an option I am willing to consider. I should be able to exclude a threat, no matter the circumstance. I have attempted the listed exclusions with @NAME but that only works for potentially unsafe/unacceptable and does not appear to work on this threat. I have also attempted to utilize Process Exclusions however that does not appear to work either. My guess is that this is considered a "more serious" type of threat and ESET does not allow for excluding this? If that is correct please clarify for me. It would leave me utterly disappointed in ESET for leaving such a gap in features but at least I wouldn't feel like I'm going crazy here trying to work this damn exclusion list! 😐 Tried that already, any other ideas? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 14, 2019 Administrators Share Posted July 14, 2019 Please post a screen shot of the file exclusion details as well as the appropriate record from the Detection log. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 14, 2019 Share Posted July 14, 2019 (edited) 18 hours ago, BreathTaken said: Tried that already, any other ideas? Via Advanced Setup option, click on Detection Engine and add the .exe exclusion there. If that doesn't work, do the following. Via Setup tab, click on the gear symbol to the right of "Real-time file system protection. Click on "Edit exclusions." Refer to this Eset online help article on how to proceed further: https://help.eset.com/eis/12/en-US/idh_config_amon.html?idh_config_exclude.html . If neither of the above works, it is not Eset's real-time protection that is blocking the app but another Eset protection area. Do as @Marcos previously instructed. Edited July 14, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts