bEeReE 4 Posted April 11 Share Posted April 11 Hi there, Using 7.4.1600 I can exclude processes under Settings/File Protection/Excluded Processes I e.g. listed my Backup Software Arq but CPU usage for Eset (especially com.eset.endpoint) still goes up when backup tasks run. How to fully exclude Eset from all that belongs to tools such as Backup / Cloud Sync etc. ? Link to comment Share on other sites More sharing options...
ESET Staff Robertos 24 Posted April 11 ESET Staff Share Posted April 11 Hi, you must write complete path to process binary. It is not sufficient to use application bundle only. Wildcards are not supported. e.g. if I want to exclude Safari I should create process exclusion with process path: /Applications/Safari.app/Contents/MacOS/Safari Peter Randziak 1 Link to comment Share on other sites More sharing options...
ESET Staff Robertos 24 Posted April 11 ESET Staff Share Posted April 11 If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time. Peter Randziak 1 Link to comment Share on other sites More sharing options...
bEeReE 4 Posted April 11 Author Share Posted April 11 15 minutes ago, Robertos said: If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time. Thanks a lot - I've managed to add those processes and verified with eicar (turning real-time off, put to source folder, executed backup) that it is working. Nevertheless, is there a possibility to see which files are currently being scanned by eset (or record a log for certain time)? Link to comment Share on other sites More sharing options...
czesetfan 29 Posted April 11 Share Posted April 11 29 minutes ago, Robertos said: If you set correct exclusion to backup process you could still see that real time protection is scanning backup files because other system processes could access those files, e.g. spotlight indexer. This could be turned off by correct performance expulsions on target or may be source folders. But if you will exclude so much it is dangerous, you can backup infections too. So if such huge exclusion is used it is important to scan source backup folder[s] by custom on-demand scan with In-Depth profile before backup. This on-demand scan on source data before doing backup is good to do regardless exclusions because od-scan, especially in in-depth profile, does more strong scanning that real time protection. RTP can not do it because strong scannig is time consuming and not too much real time. Interesting claim that real-time protection has a lower detection capability. Which scan engine settings can remedy this? Real-time protection for newly created and modified files should after all be maximum. Isn't it? Link to comment Share on other sites More sharing options...
Recommended Posts