Whitelist command not working

Hi Team,

 

Can you tell me what is wrong with this whitelist file?

 

Trojan.Generic.KDV.764073
Backdoor.Generic.750553
Backdoor.Generic.758207
Application.AppInstall
Application.InstallAd
Application.AdReg
 
 
Is it necessary for it to include the parenthesis name? I tried it with the parenthesis name below, but it wasn't working.
 
Trojan.Generic.KDV.764073 (B)
Backdoor.Generic.750553 (B)
Backdoor.Generic.758207 (B)
Application.AppInstall (A)
Application.InstallAd (A)
Application.AdReg (A)

 


Report the false positive in the False positives support forum. Our developers check the forum several times during the day. Reporting in the forum will get the attention quicker than using the report FP feature in EEK.

The EEK whitelist is maintained in a2whitelist.ini; if it is not being created, then there may be a permission problem. I do not recommend manually editing the a2whitelist.ini.

  • 2 weeks later...

Looks like it doesn't work. Here is what my whitelist.txt file has:

 
C:\Documents and Settings\All Users\Application Data\bigfix
HKEY_USERS\SC\FW_Release\SOFTWARE\BIGFIX
HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX
 
This is what I get back after the scan:
C:\Documents and Settings\All Users\Application Data\bigfix detected: Application.AppInstall (A)
Key: HKEY_USERS\SC\FW_Release\SOFTWARE\BIGFIX detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX detected: Application.InstallAd (A)
 
  • 2 weeks later...

This is the command I'm running:

a2cmd.exe /m /t /c /f=C: /l=C:\Monitoring\virusscan_run.txt /wl=C:\Monitoring\Emsisoft\whitelist.txt

 

Here is what the whitelist file contains:

 

FILE: C:\Monitoring\Emsisoft\whitelist.txt

C:\Documents and Settings\All Users\Application Data\bigfix
HKEY_USERS\SC\FW_Release\SOFTWARE\BIGFIX
HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX

The whitelist should consist of detection names, file paths, and folder paths; each on a separate line. However, after extensive testing I have come to the conclusion that a2cmd is not loading and parsing the whitelist. This has been elevated to our developers.


I was able to isolate what is breaking the whitelisting in a2cmd, and the proper whitelist format.

Your whitelist should look like:

Application.AdReg
Application.AdReg (A)
Application.AppInstall
Application.AppInstall (A)
Application.InstallAd
Application.InstallAd (A)
Backdoor.Generic.750553
Backdoor.Generic.750553 (B)
Backdoor.Generic.758207
Backdoor.Generic.758207 (B)
Trojan.Generic.KDV.764073
Trojan.Generic.KDV.764073 (B)
C:\Documents and Settings\All Users\Application Data\bigfix
Make sure to save it as an ANSI or UTF-8 w/o BOM encoded file.
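
Added example, not part of the original thread and not Emsisoft's code: a Python sketch that turns scan-log lines of the shape posted above into whitelist entries in the format just described (each detection name with and without its engine suffix), writes them as UTF-8 without a BOM, and checks an existing whitelist for a byte-order mark or registry-key lines. The function names, the CRLF line endings and the sample log lines are assumptions made for illustration.

```python
import re

# Leading byte-order marks; the thread asks for ANSI or UTF-8 without BOM.
BOMS = {b"\xef\xbb\xbf": "UTF-8 BOM", b"\xff\xfe": "UTF-16 LE BOM",
        b"\xfe\xff": "UTF-16 BE BOM"}
# Scan-log shape quoted in the thread: "<item> detected: <Name> (<engine>)"
DETECTED = re.compile(r"detected:\s*(\S+)\s*\(([AB])\)\s*$")
REGISTRY = re.compile(r"^(Key:\s*)?HKEY_", re.IGNORECASE)


def entries_from_log(log_lines):
    """Bare and engine-suffixed detection names for every log detection."""
    entries = set()
    for line in log_lines:
        match = DETECTED.search(line)
        if match:
            name, engine = match.groups()
            entries.update({name, f"{name} ({engine})"})
    return sorted(entries)


def lint_whitelist(data):
    """List problems in raw whitelist bytes: BOM, registry-key lines."""
    problems = []
    bom = next((label for mark, label in BOMS.items() if data.startswith(mark)), None)
    if bom:
        problems.append(f"file starts with {bom}")
        if bom != "UTF-8 BOM":
            return problems  # UTF-16 text: re-save it before checking lines
    text = data.decode("utf-8-sig", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        if REGISTRY.match(line.strip()):
            problems.append(f"line {number}: registry key, use the detection name")
    return problems


def render(entries):
    """Encode entries as UTF-8 without BOM. CRLF endings are an assumption."""
    return "\r\n".join(entries).encode("utf-8") + b"\r\n"


# Constructed sample: scan-log lines in the shape posted in the thread.
SAMPLE_LOG = [
    r"C:\Documents and Settings\All Users\Application Data\bigfix detected: Application.AppInstall (A)",
    r"Key: HKEY_LOCAL_MACHINE\SOFTWARE\BIGFIX detected: Application.InstallAd (A)",
]

if __name__ == "__main__":
    print(render(entries_from_log(SAMPLE_LOG)).decode())
```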
  • 2 months later...

OMG it worked! How does it work by the way? I'm curious why there needs to be a (A) and (B) for each one.

That is which engine is responsible for the detection.

(A) is our detection engine

(B) is the BitDefender engine.

Does it also support registry key entries?

Using the detection name should work for whitelisting registry items.