Problems with exclusion - ESET Endpoint Security

[tc330 0]

Hello,

 

in the meantime we are using ESET Enpoint Security (Version 5.0.2254.0) in our company.

 

I see again a strange issue on a client software we are using in combination with ESET.

 

If the Antivirus protection is enabled we got an error, if it is disabled we don't get this error.

By the way we found also during the failure investigation that we can also avoid the error, if we don't enable the "debug flag" (with this flag the client software is logging more information) for the mentioned client software.

 

So with enabled debug flag (which should the default setting / usage for the client software) and the activated ESET antivirus protection we got the error!

 

I have excluded the hole client directory (see attachments), but it seems that ekrn is still something doing with some files from this directory.

 

Why is this the case....?

 

Regards

TC330

[Marcos 5,074]

That doesn't mean the files are actually scanned. You can test exclusions by putting the eicar test file to an excluded folder and then accessing it. It'd be best if the developer of the software in question would investigate why they are throwing an error. It could be something with timing.

[tc330 0]

Hello,

 

... thanks that you will be in my thread again!

 

The excluded folder settings / functionality seems to be working with the eicar test file in general. So if I put the test virus in the mentioned client application folder it's not cleaned and I don't get a virus message. If I put it somewhere else (outside the exclusion) both things will be done.

Also if I exclude the hole c:\*.* it seems to be working.

But if I let the c:\*.* exclusion active and I run the client software I still have the error.

 

Of course something is coming from client software, but I'm also sure that something is related to ESET antivirus!

 

As I already explained, if I deactivate the ESET antivirus the client software is working without getting the error. So ESET has to be involved..!

 

How can I make a deeper analysis what is going wrong from ESET side or how can I define a workaround from ESET side?

 

Regards

TC330

[tc330 0]

Hello,

 

maybe as additional info we are using Windows 7 embedded on the client.

 

Something seems for me to be equal as with the last issue I mentioned here..., https://forum.eset.com/topic/879-problems-with-exclusion-of-files-fold ?!

 

At least the antivirus makes something what I don't understand...?!

 

Regards

Thomas

Edited May 13, 2016 by tc330

[Marcos 5,074]

It is necessary to contact the vendor of the application to debug it further as we don't have their code at our disposal. It is normal that ekrn.exe accesses files even if they are excluded, otherwise it could not apply exclusions for instance.

[tc330 0]

Hello,

 

sorry, but your answer isn't helpful...!

 

It isn't possible to change every client software in real life, if there will pop up some failures in relation with the usage of ESET.

Without ESET antivirus no application failure appears...., so I see the resolution on ESET side and not on client application side.

 

We can't change all existing software in our company, because ESET is doing something strange and the software can't handle the normal functionality of other needed software and it isn't possible to configure the antivirus in the way to do so!

 

To say see check your client software is not acceptable for me..!

 

Regards

[Marcos 5,074]

We are not talking about every client software. Nobody here in this forum has complained about this issue so it must be specifically that particular software which has issues with other software (specifically AV) accessing its files. The vendor of that software would need to debug their code to find out what they are doing improperly to prevent this from happening.