How to make EIS realtime protection exclusion work?

[rawalanche 2]

Hi,

how do I make the exclusions for the realtime protection work? EIS slows down the shader compilation process of UE5 extremely, by scanning every temporary shader cache file. I've added all the relevant folders to the exclusion list, but EIS just ignores it and keeps scanning them:

How do I fix this?

[Marcos 5,259]

Exclusions can be tested only by putting a detected file (e.g. the eicar test file) into an excluded folder and then scanning it. The path information you are referring to shows files that go through the real-time protection driver before exclusions are applied.

[rawalanche 2]

5 minutes ago, Marcos said:

Exclusions can be tested only by putting a detected file (e.g. the eicar test file) into an excluded folder and then scanning it. The path information you are referring to shows files that go through the real-time protection driver before exclusions are applied.

So how do I prevent EIS from scanning contents of folders, instead of just ignoring the detections? My issue is that when I completely turn off EIS realtime detection, the shader compilation speeds up by an order of magnitude.

Edited October 28, 2022 by rawalanche

[Marcos 5,259]

Do you mean that if you put the eicar test file to an excluded folder, e.g. d:\projects, it will be detected there? Also I've noticed that you used detection exclusions, not performance exclusions which you probably intended to.

[rawalanche 2]

3 minutes ago, Marcos said:

Do you mean that if you put the eicar test file to an excluded folder, e.g. d:\projects, it will be detected there? Also I've noticed that you used detection exclusions, not performance exclusions which you probably intended to.

Yes, likely. The UX of EIS is a bit of a dumpster fire. I just used the Edit Exclusions button here: 

I mean, there are processes exclusions:

Which, as the name implies, exclude scanning of just executable processes, not entire folders.

Then there are extension exclusions:

Then there are two more exclusions:

This is just not understandable for average user.

[Minimalist 16]

Hi.

As described here about process exclusions:

Quote

By excluding specific process (for example those of the backup solution) all file operations attributed to such excluded process are ignored and considered safe, thus minimizing interference with the backup process.

If you know which process performs file operations you can add it to the list and all file operations performed by it will not be scanned (no matter in which folder they happen).

File extension exclusions are described here. I don't use them but here is a description of possible use case:

Quote

Excluding files is sometimes necessary if scanning certain file types prevents the program that is using certain extensions from running properly. For example, it may be advisable to exclude the .edb, .eml and .tmp extensions when using Microsoft Exchange servers.

Performance exclusions can be used to white-list folders. You can add there all folders you don't want to be scanned.

Detection exclusions can be used to whitelist specific detected threat. Here is my exclusion for uTorrent which I created during Initial scan detection:

 

In your case I would use either Process exclusion (to list processes that perform file operations) or Performance exclusion (to list folders where file operations happen).