FailedExpermient
Posted August 25, 2021 (edited)

I have read through:
https://help.eset.com/ees/8/en-US/idh_performance_exclusion.html
https://help.eset.com/ees/8/en-US/idh_config_processes_exclude.html

I have an application (iManage Work) that primarily runs from the %appdata% directory of the user's profile. This includes process executables that we need to exclude.

After reading the documentation and discovering that user variables are not supported, it seems the only way to exclude directories is by using a wildcard character in the middle of a path (e.g. "C:\Users\*\AppData\Roaming\iManage"). This is specifically warned against here:
https://support.eset.com/en/kb7223-using-wildcards-in-the-middle-of-paths-in-file-and-folder-exclusions-in-eset-products

The processes are also run from the user %appdata% directory, and so I cannot enter a common path. When I try to use a wildcard, I cannot complete the entry at all.

How can I accomplish the application exclusion requirements in ESET? I also need to make the exclusions on a terminal server where there will be multiple concurrent users.

For reference, here are the exclusions the application requires:

Directories:
%appdata%\iManage
%localappdata%\iManage
%temp%\iManage
%temp%\dotnetbrowser-chromium

Processes:
%appdata%\imanage\work\chromium\emm\GZipCompress.exe
%appdata%\imanage\work\chromium\emm\64bit\browsercore64.exe
%appdata%\imanage\work\chromium\adfs\GZipCompress.exe
%appdata%\imanage\work\chromium\adfs\64bit\browsercore64.exe

Edited August 25, 2021 by FailedExpermient (clarity)

noorigin
Posted August 25, 2021

C:\Users\*\AppData\XXX is how I manage it on terminal servers. Haven't had any issues so far. The warnings are more for some idiot that thinks it's OK to do an exclusion on something like C:\ProgramData\*\logs or something asinine like that.

The other warnings, performance? Nah. Non-issue. Rule order and evaluation, sure, that could be a problem, but just enforce that rule in policy. For the users folder, I don't see any issues.

FailedExpermient (Author)
Posted August 25, 2021 (edited)

I did test the * in the middle of a path with EICAR, and it seems to work, although I don't really like that it's not officially supported. I can live with that as long as it continues to work.

However, I haven't found a way to exclude processes that will be running from each user's %appdata%. Maybe not possible?

Edited August 25, 2021 by FailedExpermient

noorigin
Posted August 26, 2021

Yeah, I am not seeing a way to exclude processes with variables. Maybe someone else has some bright ideas?
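
An added example, not part of any post in this thread and not ESET's or iManage's code: since the first post reports that a process exclusion cannot be entered with a wildcard or a user variable, this PowerShell script expands the four process paths from that post into absolute per-user paths by reading the profile list from the registry on the terminal server. It assumes AppData\Roaming is not redirected away from the profile directory; the function names are made up for illustration.

```powershell
# Added example: expand per-user %appdata% process paths into absolute paths.
# Assumption: AppData\Roaming sits under each profile directory (no folder redirection).

# Process paths relative to %appdata%, taken from the list in the first post.
$relativeProcesses = @(
    'imanage\work\chromium\emm\GZipCompress.exe',
    'imanage\work\chromium\emm\64bit\browsercore64.exe',
    'imanage\work\chromium\adfs\GZipCompress.exe',
    'imanage\work\chromium\adfs\64bit\browsercore64.exe'
)

$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-UserProfileRoot {
    # Local and domain accounts have SIDs starting with S-1-5-21; this skips
    # SYSTEM, LocalService and NetworkService.
    Get-ChildItem -Path $profileListKey |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
        ForEach-Object {
            $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            if ($path -and (Test-Path -LiteralPath $path -PathType Container)) {
                [pscustomobject]@{ Sid = $_.PSChildName; ProfilePath = $path }
            }
        }
}

function Get-ProcessExclusionCandidate {
    foreach ($userProfile in (Get-UserProfileRoot)) {
        $roaming = Join-Path $userProfile.ProfilePath 'AppData\Roaming'
        foreach ($rel in $relativeProcesses) {
            $full = Join-Path $roaming $rel
            [pscustomobject]@{
                Sid     = $userProfile.Sid
                Path    = $full
                # False means the application has not been deployed to this profile yet.
                Present = Test-Path -LiteralPath $full -PathType Leaf
            }
        }
    }
}

Get-ProcessExclusionCandidate | Sort-Object Path | Format-Table -AutoSize
```

The output is only a list of exact paths to review before entering them as process exclusions, and it has to be regenerated when a new user first logs on to the server.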