Posted

I have ESET File Security for Microsoft® Windows® Server 4.5.12011 installed on a server, and I am trying with remote administration v5.0.511 to create a policy with some file exclusions using OS environment variables. It seems that this is not working; I have to use the absolute path.

But the automatic file exclusions use environment variables and are working.

  • Administrators
Posted

System variables should work, user variables not as they are not available in the local system account.

Posted

Do you see a problem with this exception list:

%systemroot%\Sysvol\Domain\*\*.adm
%systemroot%\Sysvol\Domain\*\*.admx
%systemroot%\Sysvol\Domain\*\*.adml
%systemroot%\Sysvol\Domain\*\Registry.pol
%systemroot%\Sysvol\Domain\*\*.aas
%systemroot%\Sysvol\Domain\*\*.inf
%systemroot%\Sysvol\Domain\*\Fdeploy.inf
%systemroot%\Sysvol\Domain\*\Scripts.ini
%systemroot%\Sysvol\Domain\*\*.ins
%systemroot%\Sysvol\Domain\*\Oscfilter.ini

I also tried to replace %SYSTEMROOT% with %WINDIR%.

It's not working either.

But when I replace the variable with c:\windows...... it's working.

Can you test this on your side?

Posted

There are exclusions already defined in the default ERAS policies; they are the same ones you are trying to write. See under Windows Server 4.5 -> Server protection -> Server -> Automatic exclusions. These rules will make correct exclusions no matter whether you have your AD folders in the Windows directory or on a separate partition.

Posted

If I'm not mistaken, the ESET Automatic Exception List doesn't point at %systemroot%\Sysvol\Domain but at %systemroot%\Sysvol\Sysvol

Posted (edited)

OK, you are right.

Tested your exclusions, not working for me also.

Found this

hxxp://www.wilderssecurity.com/showpost.php?p=2043414&postcount=6

Re: Setting Exceptions, wildcards and system variables.

I asked ESET's tech support the same question and here is part of their reply.

So it looks like v5 will be able to handle this. For now I manually added the exceptions for each staff member (20), but once v5 is available this should be easier to configure properly.

-------
Thank you for contacting ESET Customer Care.
Unfortunately environment variables are not supported in ESET 4.x or below products. ESET version 5 products will be supporting Environment variables. Currently the only variables ESET recognises are "*" and "?" without the "".

ESET File Security major version is 4 and, despite what Marcos is saying later in that thread from Wilders Security, system variables don't work on EFSW 4.5.

Edited by karlisi
Posted

If I'm not mistaken, the ESET Automatic Exception List doesn't point at %systemroot%\Sysvol\Domain but at %systemroot%\Sysvol\Sysvol

As for your exclusions, you want to exclude exactly the same files which are in the ESET automatic exclusions.

%systemroot%\Sysvol\Domain leads to the same place as %systemroot%\Sysvol\Sysvol\<your domain name>\

Posted

You are right, I did not take the time to check that before trying to implement these exclusions; they effectively lead to the same place.

Thanks. I also received an email from ESET support about the issue with using system variables in File Security for Microsoft® Windows® Server 4.5.

You can see a small part of the email below:

We can now confirm that it is not possible to create an exclusion in format %windir%\*.* in server products (v4 branch), however it is possible to do that in Endpoint products (v5).

A request to add this option in v5 of server products has been sent to development.

PS: they mean V4
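
The workaround the thread arrives at for the v4 server product, literal paths in place of %systemroot% or %windir%, can be generated rather than typed by hand. This is an added example, not part of any post and not ESET code; `Expand-ExclusionPattern` and `%MyUserVar%` are hypothetical names, and the pattern list is a constructed sample built from the patterns quoted above.

```powershell
# Added example: expand %VAR% tokens in exclusion patterns to absolute paths.
# Run on the protected server so values match that machine (PowerShell 3.0+).

# Constructed sample: three patterns quoted in the thread, plus one
# hypothetical pattern that uses a variable assumed not to exist.
$patterns = @(
    '%systemroot%\Sysvol\Domain\*\*.adm',
    '%systemroot%\Sysvol\Domain\*\Registry.pol',
    '%windir%\Sysvol\Domain\*\*.inf',
    '%MyUserVar%\cache\*.tmp'
)

function Expand-ExclusionPattern {
    param([Parameter(Mandatory = $true)][string]$Pattern)

    $notes = @()
    foreach ($m in [regex]::Matches($Pattern, '%([^%\\]+)%')) {
        $name = $m.Groups[1].Value
        if ($null -eq [Environment]::GetEnvironmentVariable($name, 'Process')) {
            # Undefined here: the token would be left in the path unexpanded.
            $notes += "undefined: $name"
        }
        elseif ($null -ne [Environment]::GetEnvironmentVariable($name, 'User')) {
            # Defined per user: the local system account does not see this value.
            $notes += "user-scope: $name"
        }
    }

    [pscustomobject]@{
        Pattern  = $Pattern
        Expanded = [Environment]::ExpandEnvironmentVariables($Pattern)
        Notes    = $notes -join '; '
    }
}

$results = $patterns | ForEach-Object { Expand-ExclusionPattern -Pattern $_ }

# Review anything with a note before copying it into a policy.
$results | Format-List Pattern, Expanded, Notes

# Literal paths with every variable resolved and no per-user value involved.
$results | Where-Object { -not $_.Notes } | ForEach-Object { $_.Expanded }
```

The wildcards `*` and `?` pass through untouched, so the output can be used wherever the product accepts a literal path with those two characters.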

Posted

Before implementing this antivirus on my DC, I created a virtual environment to test it.

I think the automatic exclusion is not good because, if I understand correctly, this is how the exclusion works:

For example:

The automatic exclusion adds this rule:

%systemroot%\Sysvol\Sysvol\*.inf

This means that all INF files in the current folder (not subfolders) are excluded.

But what we need is all subfolders, not only the current folder. The rule should be:

%systemroot%\Sysvol\Sysvol\*\*.inf

The /* means all subfolders.

Am I wrong? What am I not understanding in the rule that is created by the automatic exclusion list (for DC)?

  • 3 months later...
Posted (edited)

In these 3 months there was some exchange of emails between me and ESET Latvian support. I gave them some additional information and that's all, no feedback. Still waiting and hoping someone at ESET is working on this problem.

Edited by karlisi
  • 2 weeks later...
Posted

Received answer from ESET support. This bug will be fixed in next ERAS version.

  • 1 month later...
Posted (edited)

Sorry to say, in ERAS 5.1.38, released yesterday, bug still not fixed, exclusions for Windows AD controllers are wrong.

Edited by karlisi
  • Administrators
Posted

For me system variables work fine even with older versions of ERA and Endpoint. I've pushed a configuration with %windir%\* excluded and eicar wasn't detected in c:\windows afterwards.

However, this doesn't work with v4 so we can conclude that using system variables for exclusions in configuration files was first supported in Endpoint products.

Posted

System variables in exclusions in general are OK. Perhaps I should start a new thread for this problem, the bug in the default exclusions for Windows Active Directory domain controllers.

This topic is now closed to further replies.