fxdwg

Member
  • Content Count

    3
  • Joined

  • Last visited

Everything posted by fxdwg

  1. i have searched and not found anything on this. I have a particular PC that throws these two PUP's each night during scan. I have done full scans manually and these don't pop. should I be concerned? or can someone point me in how I stop this from happening? Emsisoft protection software alerted Emsisoft Enterprise Console [DOMAIN\PCNAME] to the following finding: Detected object: Application.AdInstall (A) Location: Key: HKEY_USERS\S-1-5-21-3704245261-2278236271-281409796-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Type: Potentially Unwanted Program Risk: NotCategorized Detected by: File Guard Performed action: Detected Machine: DOMAIN\PCNAME User: Scheduler Timestamp: 11/29/2018 10:01:19 PM
  2. ok, I did some more testing... (and tried the beta update stream as well) and it behaved the same way. I did check and I am using monitor exclusions... so I ran the program logged in as myself to see the actual EAM block dialog. (I had been going just by the log files from the console server.) emsisoft sees the path as this \\myserver.mydomain.local\BWGold\ however I was EXCLUDING \\myserver\BWGold\ ... and EAM doesn't realize those are the same locations. not sure if that is a bug, or by design. but it would be nice in the console logs or emails, it would give the full path and filename. I would have been able to figure this out several days ago. I do appreciate the help! and the explanation of not needing to put this exclusion in the SCAN.
  3. so I have downloaded the console and installed on it on windows 2008 r2 server. have deployed EAM to approx. 30 machines. my issue is our accounting package, Business Works, is getting blocked by behavior blocker. I have entered the following exclusions for both "excluse from scanning" and "excluse from monitoring" and the client gets the policy, I see the exclusions listed on the local client EAM... but the user still gets the pop up and responds with "wait, this app is ok" Business Works uses a ton of different "task#####.exe" to run multiple programs hence the \tasks\*.exe exclusion shown below. here are my exclusions, are UNC paths not supported? (I even created application rules, and marked as trusted, EAM still triggers a behavior block) \\myservername\BWGold\BWProg\Tasks\*.exe \\myservername\BWGold\BWProg\*.exe also is there a way to exclude from a certain directory and include all subdirectories? e.g. \\myservername\BWGOLD\BWPROG\*.exe and include all subdirectories below that level? EEC ver. 2018.3.0.3338, 26 clients, trial mode. EAM Version, 2018.3.0.8555 running on windows 7 64 bit os any help is MUCH appreciated.