How to correctly exclude processes from scanning

[bEeReE 4]

Hi there,

Using 7.4.1600 I can exclude processes under Settings/File Protection/Excluded Processes

I e.g. listed my Backup Software Arq but CPU usage for Eset (especially com.eset.endpoint) still goes up when backup tasks run. How to fully exclude Eset from all that belongs to tools such as Backup / Cloud Sync etc.

?

 

 

[Robertos 24]

Hi, you must write complete path to process binary. It is not sufficient to use application bundle only. Wildcards are not supported.

 

e.g. if I want to exclude Safari I should create process exclusion with process path:
/Applications/Safari.app/Contents/MacOS/Safari

 

[Robertos 24]

If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time.

[bEeReE 4]

15 minutes ago, Robertos said:

If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time.

Thanks a lot - I've managed to add those processes and verified with eicar (turning real-time off, put to source folder, executed backup) that it is working. Nevertheless, is there a possibility to see which files are currently being scanned by eset (or record a log for certain time)?

[czesetfan 29]

29 minutes ago, Robertos said:

If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time.

Interesting claim that real-time protection has a lower detection capability. Which scan engine settings can remedy this? Real-time protection for newly created and modified files should after all be maximum. Isn't it?