Misza 3 Posted December 19, 2023 Share Posted December 19, 2023 Hi ESET community, can exclusions as per linked document below be set centrally in ESET PROTECT web console as a policy and applied to a group of endpoints. https://kb.teramind.co/hc/en-us/articles/1500006056281-Antivirus-Configuration-Guide#eset-endpoint-security-0-20 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 19, 2023 Administrators Share Posted December 19, 2023 It is not clear what issues should detection exclusions address according to the KB. Are those excluded drivers detected by ESET? If so then it's most likely because they are vulnerable. However, it might make sense to create performance exclusions via a policy like what Microsoft suggests for MS Exchange but these should be provided by the application maker and should be used with care and address or prevent actual issues. Link to comment Share on other sites More sharing options...
Misza 3 Posted December 21, 2023 Author Share Posted December 21, 2023 Hi Marcos, thank you for your reply. Are performance exclusions via policy able to achieve same as setting up Detection Exclusions on the endpoint's AV? Can you point me to a bit of documentation on how to set up these. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 23, 2023 Administrators Share Posted December 23, 2023 Detections exclusions cannot resolve performance issues. Detection exclusions should be used if you deliberately keep a file detected by ESET on a disk, e.g. a kind of potentially unsafe application for remote monitoring or administration, vulnerable drivers for which no fixed version exists. etc. https://help.eset.com/ees/11/en-US/idh_exclude.html Link to comment Share on other sites More sharing options...
Misza 3 Posted January 3 Author Share Posted January 3 @Marcos Thank you for your reply, am I correct in saying that Performance Exclusions can be set to prevent ESET from scanning a given path, and no detections should occur from a folder set in the Performance Exclusion Policy. So for example if I set C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\* path in the exclusion policy no detections should occur in that folder and its subfolders, correct? Using https://help.eset.com/protect_cloud/en-US/create_exclusion.html as a reference. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted January 3 Administrators Share Posted January 3 2 minutes ago, Misza said: am I correct in saying that Performance Exclusions can be set to prevent ESET from scanning a given path, and no detections should occur from a folder set in the Performance Exclusion Policy. So for example if I set C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\* path in the exclusion policy no detections should occur in that folder and its subfolders, correct? Correct. However, to prevent a particular detection from being reported on files in that folder, it's safer to use detection exclusions. Link to comment Share on other sites More sharing options...
Misza 3 Posted January 3 Author Share Posted January 3 But Detection exclusions can only be set once the detection occurs, correct? And these can only be set per endpoint on which the detection occurred. My aim is to prevent from these detections to happen on multiple endpoints. so the application installation/upgrade proceeds without any interruptions, and notifications on user side. Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,074 Posted January 3 Administrators Solution Share Posted January 3 Yes, that's true. Currently it's possible to create only performance exclusions prior to actual detection. Link to comment Share on other sites More sharing options...
Recommended Posts