Jump to content

ESET exclusion not working


Recommended Posts

Case 1:

This is not the first time this is happening. I have tried to set the exclusion of my complete download folder in Windows to the exclusion list in ESET Internet Security. I also did a clean install of Windows, installed ESET Internet Security again, and again set the exclusion of the download folder in the exclusion list. I even went into the download folder and set the subfolders in the exclusion list, but ESET is still scanning them with real-time protection. However, it ignores them during a contextual scan.

Why is this happening even after I did a clean install of Windows? The issue is only persisting on my laptop. When I try to restore the detected file from quarantine back to my download folder, which is set as an exclusion, it says it is unable to restore.

Case 2:

ESET detected a PUP/PUA in my folder, which is not in the exclusion list. When I try to restore that file from quarantine, it says the same thing: unable to restore the file.

I have attached an image for case 2 and also the ESET logs for case 1.

I need urgent help.

Capture.PNG

eis_logs.zip

Link to comment
Share on other sites

  • Administrators

Exclusions work. The thing is that you have added some folders under c:\users to the performance exclusions list, however, since the on-demand scanner follows links it scanned also the junction folder c:\documents and settings where the PUA was detected.

1, If you want not to detect a specific detection, create a detection exclusion instead of a performance exclusions which are less safer. That said, I'd recommend removing all performance exclusions and creating detection exclusions as follows:

image.png

2, Restoring files to links is not possible for security reasons. Instead of restoring the file to C:\Documents and settings, restore it to the appropriate folder under C:\Users.

Link to comment
Share on other sites

Posted (edited)

Well, this works, but here is the drawback: even if I set it in the exclusion folder, it will not detect the files as malware but instead will scan all the files, which is really weird.

Are there settings if I keep the folder in exclusion state, the real-time and context menu will simply ignore the folder? I need those settings, as they were exactly available in old ESET versions. The new version has really complicated exclusion settings

Edited by Flexx
Link to comment
Share on other sites

"And to add to this, I tried to restore all the files to the same exact folder, but it still shows 'failed to restore'."

Link to comment
Share on other sites

  • Administrators

There are two type of exclusions:

1, Performance exclusions
These are meant to be used to resolve performance issues. Files and folders in performance exclusions will not be scanned whatsoever. Should be used with care and as a last resort to resolve performance issues since any malware in excluded folders would not be detected and could run undetected.
2, Detection exclusions
These are meant to exclude specific detections on a particular file, folder or everywhere regardless of the location. They are safer than performance exclusions if you exclude only potentially unsafe or unwanted applications and not actual threats.

I would recommend using detection exclusions since they are applied regardless of the file location if no path is specified. If you exclude a file or folder under C:\users, you must create also a similar exclusion for the junction in c:\Documents and settings.

As for restoring the file from quarantine, the option "Restore" won't work. You must select "Restore to" and browser to the appropriate folder under c:\users. Restoring to C:\Documents and settings won't work.

Link to comment
Share on other sites

  1. I created a performance exclusion, and it works well. It excludes all folders and subfolders from scanning, but it only applies to contextual scans. When real-time protection is enabled, it still scans the folders in the exclusion list, which it shouldn't.

  2. Let's set aside detection exclusion for now.

Now, can you tell me why I'm facing issues with the performance exclusion scan? Despite setting up exclusions, why is real-time detection scanning and detecting samples without any notification? When I personally check the quarantine section, I see these detections.

To simplify, I followed the instructions here (https://help.eset.com/ees/9/en-US/idh_performance_exclusions.html), but while the contextual scan isn't detecting any malware, real-time protection is. Why is this happening?

Link to comment
Share on other sites

  • Administrators

The file in quarantine was detected by the on-demand scanner in C:\Documents and Settings\AaXXsh\AppData\Roaming\bittorrent\BitTorrent.exe. This folder was not excluded.

Real-time protection detected only the following in folders that were not excluded:

1, C:\Users\AaXXsh\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\7cbaf0d9-75db-44f4-91cc-96c388a9dfc7\ab7659e87d9bdace_0    HTML/ScrInject.B trojan
2, C:\Users\AaXXsh\Desktop\down_arrow.png    JS/Redirector.QKM trojan

 

Link to comment
Share on other sites

Marcos, kindly ignore the logs. This is different from the logs. I had deleted the files from quarantine that were detected by ESET real-time protection for the folders that were set to the exclusion list.

As of now, I have kept my quarantine clean. I have excluded all the folders in the performance scan that I want to. I will wait to see if the files in those folders still get detected, and I will be back after 2 days with the results, or hopefully before that.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...