Guest Eran Posted August 21, 2013 Share Posted August 21, 2013 Hello We use End point protection in our company and we have a lot of troubles with excluding files and applications from eset firewall. So my question is: Is there a way to exclude specific .exe files without naming their location ? can ESET identify them by some kind of fingerprint ? most our users install softwares in different locations (It's internal software and they are not in Program files) and we do not want to create rule for each user that use different folders. Moreover, some users running a batch script that replace some .exe files in a lot of folders and i don't see any way to exclude the file itself instead of creating a rule for each folder. We moved from Symantec couple of months ago because of performance issues but there we could manage and exclude files as we wanted. Thanks Eran Link to comment Share on other sites More sharing options...
Administrators Marcos 4,911 Posted August 21, 2013 Administrators Share Posted August 21, 2013 Unfortunately, this is not possible. Creating general rules for files just by name while ignoring the path would be dangerous as the rules would be easily applied for malware, too, if the same file name was used by malware. Link to comment Share on other sites More sharing options...
Guest Eran Posted August 21, 2013 Share Posted August 21, 2013 Unfortunately, this is not possible. Creating general rules for files just by name while ignoring the path would be dangerous as the rules would be easily applied for malware, too, if the same file name was used by malware. I understand this is dangerous but eset is an enterprise solution for a lot of companies and should consider think of something that can help administrators. as for now i have to disable the application modification detection because my users cannot work. Is there a page where i can leave feedback to eset development team ? Thanks anyway Eran Link to comment Share on other sites More sharing options...
ESET Insiders PodrskaNORT 17 Posted August 21, 2013 ESET Insiders Share Posted August 21, 2013 Eran, I'm just courious :-) Are those files detected as threat? What kind of? If they are threats - why would it be fine to exclude them? If they are not - are they False alarms? Something else? Tomo Link to comment Share on other sites More sharing options...
Guest Guest Posted August 21, 2013 Share Posted August 21, 2013 Eran, I'm just courious :-) Are those files detected as threat? What kind of? If they are threats - why would it be fine to exclude them? If they are not - are they False alarms? Something else? Tomo Yes ESET detect those files as a threat because they replace executable files and also using the internet (I agree it's a virus behavior), but they are not a threat for me. We have developers trying to automate their work with a batch script and the antivirus pops up everytime because we turned on application modification detection. I cannot exclude it because they have more than 40 folders and this is just one project at a time. I think that the rules should be orginaized and i wish i could do some general rule to avoid this situation. We would like to get the best protection in our systems but also let our developers work. Disabling the protection feature is just not a good solution although iI'm going to limit it to a specific computers. I hope eset team will see this thread and see if they can do anything. Link to comment Share on other sites More sharing options...
ESET Insiders PodrskaNORT 17 Posted August 21, 2013 ESET Insiders Share Posted August 21, 2013 Yes ESET detect those files as a threat because they replace executable files and also using the internet (I agree it's a virus behavior), but they are not a threat for me. I believe ESET would be able to help you somehow if you send them suspicious files as false alarms (if they are :-) ). Sometimes specific application packers or exe packing option can provoke alerts in AV-products, but after analysis of false alarm files ESET can eventually help your programmers do the work with improving detection to all other ESET users at the same time... Tomo Link to comment Share on other sites More sharing options...
Arakasi 549 Posted August 23, 2013 Share Posted August 23, 2013 Guest_Eran_* I see what you are trying to do. Please see my attached picture. Take Note, this is for the Home version nod32 engine, however i am almost positive End Point has the same section. AFAIK If your developers are writing batch files , you can simply exclude .bat and .cmd file extensions and the real time and on-demand will not scan those types of files for threats. However, i have seen thousands of viruses in my days that are batch files and scripts. By adding this type of option, you will free up terminals running batch files but those same workstations will be vulnerable to batch made virii. Hope this helps. Any Mod feel free to correct me if i am wrong. Link to comment Share on other sites More sharing options...
Guest Eran Posted August 25, 2013 Share Posted August 25, 2013 Hi Arakasi Thank you for your response.I believe this is not the same thing. realtime protection is part of the antivirus module and application modification detection is part of the firewall module. Applications that changing executables and using the internet or some kind of network will be blocked by the firewall (this is my case) and applications that are not using the network will be blocked/detected by real time anti virus protection. Unfortunately I cannot upload an image to show you the eset setup menu it because we are blocking all online storage sites here but you can read more here. Anyway thanks for the help. I don't think there is an option right now in Endpoint protection and I opened this thread in order to give feedback and hope ESET team will do something with it. Thanks, Eran Link to comment Share on other sites More sharing options...
Recommended Posts