Jump to content

Setting Performance and Process User exclusions


Recommended Posts

I have read through:
https://help.eset.com/ees/8/en-US/idh_performance_exclusion.html
https://help.eset.com/ees/8/en-US/idh_config_processes_exclude.html

I have an application (iManage Work) that primarily runs from the %appdata% directory of the users profile. This includes process executables that we need to exclude. After reading the documentation and discovering that user variables are not supported, it seems the only way to exclude directories is by using a wildcard character in the middle of a path (ex, "C:\Users\*\AppData\Roaming\iManage"). This is specifically warned against here: https://support.eset.com/en/kb7223-using-wildcards-in-the-middle-of-paths-in-file-and-folder-exclusions-in-eset-products

The processes are also run from the user %appdata% directory, and so I cannot enter in a common path. When I try to use a wildcard, I cannot complete the entry at all. How can I accomplish the application exclusion requirements in ESET? I also need to make the exclusions on a terminal server where there will be multiple concurrent users.

For reference, here are the exclusions the application requires:

Directories:

  • %appdata%\iManage
  • %localappdata%\iManage
  • %temp%\iManage
  • %temp%\dotnetbrowser-chromium

Processes:

  • %appdata%\imanage\work\chromium\emm\GZipCompress.exe
  • %appdata%\imanage\work\chromium\emm\64bit\browsercore64.exe
  • %appdata%\imanage\work\chromium\adfs\GZipCompress.exe
  • %appdata%\imanage\work\chromium\adfs\64bit\browsercore64.exe
Edited by FailedExpermient
clarity
Link to comment
Share on other sites

C:\Users\*\AppData\XXX is how I manage it on terminal servers. Haven't had any issues so far. The warnings are more for some idiot that thinks its OK to do an exclusion on something like C:\ProgramData\*\logs   or something asinine like that. The other warnings, performance?, nah. Non issue. Rule order and evaluation, sure that could be a problem, but just enforce that rule in policy. For the users folder, I don't see any issues. 

Link to comment
Share on other sites

Posted (edited)

I did test the * in the middle of a path with EICAR, and it seems to work, although I don't really like that it's not officially supported. I can live with that as long as it continues to work. 

However, I haven't found a way to exclude processes that will be running from each users' %appdata%. Maybe not possible?

Edited by FailedExpermient
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...