Jump to content

How to make EIS realtime protection exclusion work?


Recommended Posts

Hi,

how do I make the exclusions for the realtime protection work? EIS slows down the shader compilation process of UE5 extremely, by scanning every temporary shader cache file. I've added all the relevant folders to the exclusion list, but EIS just ignores it and keeps scanning them:

image.thumb.png.108c48bdbafde9e92789410bd3625052.png

How do I fix this?

Link to comment
Share on other sites

  • Administrators

Exclusions can be tested only by putting a detected file (e.g. the eicar test file) into an excluded folder and then scanning it. The path information you are referring to shows files that go through the real-time protection driver before exclusions are applied.

Link to comment
Share on other sites

5 minutes ago, Marcos said:

Exclusions can be tested only by putting a detected file (e.g. the eicar test file) into an excluded folder and then scanning it. The path information you are referring to shows files that go through the real-time protection driver before exclusions are applied.

So how do I prevent EIS from scanning contents of folders, instead of just ignoring the detections? My issue is that when I completely turn off EIS realtime detection, the shader compilation speeds up by an order of magnitude.

Edited by rawalanche
Link to comment
Share on other sites

  • Administrators

Do you mean that if you put the eicar test file to an excluded folder, e.g. d:\projects, it will be detected there? Also I've noticed that you used detection exclusions, not performance exclusions which you probably intended to.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

Do you mean that if you put the eicar test file to an excluded folder, e.g. d:\projects, it will be detected there? Also I've noticed that you used detection exclusions, not performance exclusions which you probably intended to.

Yes, likely. The UX of EIS is a bit of a dumpster fire. I just used the Edit Exclusions button here: 

image.png.ff10040df61b386ef8b23ab94c28b591.png

I mean, there are processes exclusions:

image.png.329bc3a81c401c1b776a857ae90a7cb2.png

Which, as the name implies, exclude scanning of just executable processes, not entire folders.

Then there are extension exclusions:

image.png.17be32371881e14b797093f12b5565a8.png

Then there are two more exclusions:

image.png.8cbd2a8969c4ea5f93739fb5ede934b1.png

This is just not understandable for average user.

Link to comment
Share on other sites

  • ESET Insiders

Hi.

As described here about process exclusions:

Quote

By excluding specific process (for example those of the backup solution) all file operations attributed to such excluded process are ignored and considered safe, thus minimizing interference with the backup process.

If you know which process performs file operations you can add it to the list and all file operations performed by it will not be scanned (no matter in which folder they happen).

File extension exclusions are described here. I don't use them but here is a description of possible use case:

Quote

Excluding files is sometimes necessary if scanning certain file types prevents the program that is using certain extensions from running properly. For example, it may be advisable to exclude the .edb, .eml and .tmp extensions when using Microsoft Exchange servers.

Performance exclusions can be used to white-list folders. You can add there all folders you don't want to be scanned.

Detection exclusions can be used to whitelist specific detected threat. Here is my exclusion for uTorrent which I created during Initial scan detection:

image.thumb.png.df884fc29a3b468782c6ac07f96cf0d5.png

 

In your case I would use either Process exclusion (to list processes that perform file operations) or Performance exclusion (to list folders where file operations happen).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...