pronto 6 Posted November 12, 2019 Posted November 12, 2019 (edited) Servus Community, with any update seems to have added an additional possibility to exclude files and folders from the virus scanner. Until recently, there was as far as I remember only one place to define exceptions, now there are two: Performance Exclusions and Detection Exclusions. I started a new client with an accounting software and have now configured the Detection Exclusions for it, but noticed that another, older policy with exceptions, where these two possibilities didn't exist at the time of creation, can now be found under Performance Exclusions. I don't get behind the deeper meaning of these two possibilities while reading the manual and wanted to ask what would be the right place for exceptions? Furthermore, I have to configure an environment variable that is not in the list[1] of compatible variables: %localappdata%\AGENDA [2]. If this variable doesn't work, do I really have to configure the absolute path for each user using this software individually? [1] https://help.eset.com/eav/12/en-US/idh_exclude_format.html [2] https://agenda-kunden.de/pdf/6041.pdf (Page 3) Thx in advance & Bye Tom Edited November 13, 2019 by pronto
Administrators Marcos 5,458 Posted November 12, 2019 Administrators Posted November 12, 2019 Use Detection exclusions if an application that you use is detected as a potentially unsafe or unwanted which are optional detections. Performance exclusions should be used in case of performance issues that could not be solved otherwise. Should be used with care since every performance exclusion creates a possible security hole and excluded files or folders will not be protected and scanned for malware. If possible, please explain the reason why you need to create exclusions in the first place. What issues do you experience if a particular folder or files are not excluded from scanning?
pronto 6 Posted November 13, 2019 Author Posted November 13, 2019 Servus Marcos, If possible, please explain the reason why you need to create exclusions in the first place. What issues do you experience if a particular folder or files are not excluded from scanning? Many software vendors issue guidelines for configuring virus scanners, especially when databases are involved. These should not be ignored if you want to work in a supported environment. Thx & Bye Tom
Administrators Marcos 5,458 Posted November 13, 2019 Administrators Posted November 13, 2019 Those should be added in performance exclusions. Personally I wouldn't exclude any files unless I experienced some issues. I've seen exclusions entered by users incorrectly and they were happily using them even when they didn't work.
pronto 6 Posted November 14, 2019 Author Posted November 14, 2019 Servus Marcos, I agree with you, until now I haven't experienced a negative impact with ESET in the short time we've been using it. But we are already testing the settings by deactivating the virus scanner and placing EICAR test files in the system, when the virus scanner is switched on again the test files have to remain in the excluded paths and the others have to be detected and deleted. We only use these exception lists of the manufacturers for extremely critical database systems, such as Exchange, Domain Controller, SQL Server, Datev, Agenda, backup files, etc., where a false positive detection can cause high potential damage. In some cases, however, we have not installed any virus scanners on such systems but are currently reconsidering our strategy with regard to protection against network-active encryption Trojans. Thx & Bye Tom
Recommended Posts