Nikilet

How do I exclude things from scan

Recommended Posts

I have discovered that a program I purchased for backing up my system is slowing my startup and shutdowns, and also causing a lot of herkey-jerky activity in my computer when it's running. It is called Genie Timeline Home.

 

I wrote to the company and they gave me a couple of directories to exclude from getting scanned by a real time monitoring application. How do I add those to the exclusion list?

 

They also said if my anti-virus can exclude processes (.exe), to exclude three of Genie's processes from being scanned. Again I need to know how to add these.

 

Thank you.

Share this post


Link to post
Share on other sites

  • Open Emsisoft Anti-Malware from the icon on the desktop.

Click Protection.

Select File Guard in the menu at the top.

On the right side, roughly in the middle, click on the Manage whitelist button.

Share this post


Link to post
Share on other sites

I can't do anything from that Whitelist window.It says to type or select an item to add but I can't type anything and there is nothing in there to select. Something has to be missing here.

 

I see under Applicatrion Rules, Surf Protection or Behavior Blocker you can add things, but I can't do anything under Whitelist.

 

OK -------------------------------

I figured out how to add things. Now where do I go to SEE what I have added to this Whiteless? What if I want to remove something I have added there?

post-26590-0-97921200-1455387869_thumb.jpg
Download Image

post-26590-0-63135400-1455387880_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

I don't have the program on this computer, look for three little dots on the right of the line where you enter files. Click on them to open a file manager. Been a long time since I asked the exact same question !!

Share this post


Link to post
Share on other sites

Clicking on Manage Whitelist will bring up your whitelist - the list of things that EAM will ignore when it scans. To remove an entry, just click on the cross under Remove on the rightmost column.

Share this post


Link to post
Share on other sites

Clicking on Manage Whitelist will bring up your whitelist - the list of things that EAM will ignore when it scans. To remove an entry, just click on the cross under Remove on the rightmost column.

That makes perfect sense to me, but it doesn't work. The 5 things I added today are not there. Nothing is there. Just a blank page with the columns.

Share this post


Link to post
Share on other sites

I don't have the program on this computer, look for three little dots on the right of the line where you enter files. Click on them to open a file manager. Been a long time since I asked the exact same question !!

The only thing clicking on the 3 little dots brings up is explorer so that you can select an item to add to the list.

Share this post


Link to post
Share on other sites

In Manage White List, on the bottom left is a down arrow. Clicking it allows you to add a file, folder, process or name. If I pick folder, that lines name changes to Folder. At the right end of the line are three dots in a small gray box. If you click on them, explorer opens and you can pick a folder, not a process, file or name.

 

I have the program up and it works the way I said.

 

If you followed my directions and it doesn't work, you have a program problem. I would download a new install file and install over the top.

 

Unless one of the gurus has a better idea.

Share this post


Link to post
Share on other sites

I can't do anything from that Whitelist window.It says to type or select an item to add but I can't type anything and there is nothing in there to select. Something has to be missing here.

 

I see under Applicatrion Rules, Surf Protection or Behavior Blocker you can add things, but I can't do anything under Whitelist.

 

OK -------------------------------

I figured out how to add things. Now where do I go to SEE what I have added to this Whiteless? What if I want to remove something I have added there?

See in post #3 that I figured out how to add things. But now I want to know where those things I added are. If I decide I want to remove something from that whitelist, where do I do that?

Share this post


Link to post
Share on other sites

... The 5 things I added today are not there. Nothing is there. Just a blank page with the columns.

Windows Vista, right? Emsisoft Anti-Malware version 10 may have had that bug where you could only add one thing to the whitelist at a time. Basically you add one thing, close it, then reopen it to add another thing, close it again, and repeat as many times as necessary. There's an easier way around this by using the export/import settings function, if you are comfortable with editing the config file for the whitelist by hand in Notepad or something similar (please don't use Microsoft Word, Wordpad, OpenOffice.org, or other office/word processor type programs).

Share this post


Link to post
Share on other sites

I'm not comfortable with editing this file. So are you saying that if I go back and add these 5 items, one at a time, closing and reopening the program after each one they will then appear?

 

Adding things one at a time and closing down after each one did not work either. I open the Whitelist and there is nothing there. Maybe i better try editing the configuration file if that's what it takes. This means I can not add anything to the Whitelist in Emsisoft and that's no good.

Share this post


Link to post
Share on other sites

Could you take a screenshot of the entry in the whitelist before you click 'OK' to close it, and post it for me to see?

Share this post


Link to post
Share on other sites

Here is the screenshot you asked for. BTW, I have another computer with Windows 7 which has the newer version of Emsisoft and it's no different on this computer than on my Vista. In fact, I took this sceenshot on the Windows 7 machine.

post-26590-0-36381900-1455775383_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

The whitelist isn't being maintained on either computer? Does your user account have administrator rights?

Share this post


Link to post
Share on other sites

Yes, I have an administrator's account.

 

Maybe I don't have an administrator's account. For the heck of it I Googled it. My Account says Cindy - Administrator, however, see the screen I get when I bring up System Properties.

 

Also, in another area it said to bring up computer management console and if I am not able to access local users & groups I do not have administrator rights on this computer. 

 

So I guess I'll ask you to tell me.

 

post-26590-0-55117500-1455853096_thumb.jpg
Download Image

post-26590-0-32243300-1455853898_thumb.jpg
Download Image

post-26590-0-81487300-1455853907_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

The quickest way to check would be to do the following:

  • Hold down the Windows key on the keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap R to open the Run dialog.
  • Type in lusrmgr.msc and click OK.
  • Click on Users in the list on the left.
  • Double-click on your user account.
  • Switch to the Member Of tab.
  • Look for Administrators in the list.
If you find Administrators in the list, then your account has administrative rights. Just be sure to click Cancel when done, so that no changes to your account are saved when you exit.

Share this post


Link to post
Share on other sites

I m on my laptop right now -- Windows 7. I can not use the lursmgr.msc (see screenshot)

 

I went to User Accounts (see screenshot) and selected "Change your account type" to see what it shows (see screenshot). To me, this means I have an administrator account.

 

I haven't tried your instructions on my desktop (Vista) but I will get back to this.

 

--------------------------------------------------

Ok, now I'm on my desktop (Vista) and I get the same message when I try to use lursmgr.msc. I am attaching another screenshot showing what it says when I go to User Accounts/Change account type. Once again, to me this means I have an administrator's account.

post-26590-0-17092300-1455916528_thumb.jpg
Download Image

post-26590-0-82442900-1455916630_thumb.jpg
Download Image

post-26590-0-44015600-1455919036_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Yes, those screenshots show your account has administrator rights.

Lets try the following , and see if it clears the issue with the whitelist:

  • Uninstall Emsisoft Anti-Malware.
  • Restart your computer twice.
  • Download and reinstall Emsisoft Anti-Malware from this link (for Windows XP and Vista) or this link (for Windows 7 and newer).

Share this post


Link to post
Share on other sites

I uninstalled and then reinstalled using the correct install package for XP and Vista. It still doesn't work. I type the item in and as soon as I click ok it disappears and when I reopen there is nothing there. 

 

I think we'll just leave this for right now. I'm planning on installing Windows 7 on this computer and then I will reinstall using the Windows 7 installation file and after that we'll check things out and if they don't work then, I'd like to find a solution. 

 

Thanks for everyone's help so far! I appreciate it.

Share this post


Link to post
Share on other sites

I'm back, I forgot that I'm also having this same problem on my laptops, which already has Windows 7 on it and which has the newer version of Emsisoft, 11.0.0.6131. The same thing happens when I add files to the whitelist. They disappear as soon as I cick OK, and when I go back in they aren't there.

Share this post


Link to post
Share on other sites

Lets get a log from FRST, and see if it shows the cause of the issue. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop):

For 32-bit (x86) editions of Windows:

For 64-bit (x64) editions of Windows:Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
  • Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator).
  • When the tool opens click Yes for the disclaimer in order to continue using FRST.
  • Press the Scan button.
  • When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
  • Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  • The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.

Share this post


Link to post
Share on other sites

These are the files from FRST for my desktop computer running Window Vista Home Premium 32 Bit.

 

Do you want me to run FRST on my laptop running Windows 7 Home Premium 64 Bit now and also post those files, or wait until we have the problem solved on the desktop? Please let me know.

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites

Do you have Malwarebytes Anti-Malware on both computers?

Also, can you try opening the a2whitelist file to see if there is anything inside it? You'll find it in the following location:

C:\Program Files\Emsisoft Anti-Malware

Share this post


Link to post
Share on other sites

a2whitelist.ini

opened with notepad: ;File timestamp: 1456830250

 

a2whitelist.ini.backup

opened with notepad: ;File timestamp: 1456830250

 

Yes, I have Malwarebytes Anti-Malware on both computers.

Share this post


Link to post
Share on other sites

If you let me know what files/folder you are trying to exclude, and what type of exclusion you are trying to create for them (Process, Folder, File, etc) then I can write a config file that you can try importing to see if that works. As long as I can find the files/folders in your FRST logs then that won't be an issue, however if I can't then I may need you to give me the full path and file names.

Share this post


Link to post
Share on other sites

Genie Timeline recommended I add the set Emsisoft so that it would not scan the following:

  • C:\Program Files\Genie9
  • C:\Users\(Your Username)\AppData\Roaming\Genie9
  •  
  • C:\Program Files\Genie9\Genie Timeline\GenieTimeline.exe
  • C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
  • C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe

I am puzzled by something tho. I understand a little with the Vista since I can't even run the newest version of Emsisoft on this computer; however, why should I be having the same problem with my other computer which has Windows 7 on it and does run the new version of Emsisoft? We are talking about two different computers, two different operating systems, and Emsisoft is doing the same disfunction on both.

Share this post


Link to post
Share on other sites

I am puzzled by something tho. I understand a little with the Vista since I can't even run the newest version of Emsisoft on this computer; however, why should I be having the same problem with my other computer which has Windows 7 on it and does run the new version of Emsisoft? We are talking about two different computers, two different operating systems, and Emsisoft is doing the same disfunction on both.

It's possible that something is preventing Emsisoft Anti-Malware from writing to its whitelist. We'll see if it is able to import the settings I am attaching to this message.

Here's the ZIP archive with the whitelist settings file in it. Go ahead and download this, and save it somewhere easy to find (such as your Desktop):

whitelist_file.zip

After you download the above file and save it somewhere, you will need to find it, and then right-click on it and select Extract all. It will open a new folder when done with the a2whitelist file in it. This is what you will be importing into Emsisoft Anti-Malware.

Now open Emsisoft Anti-Malware, click on Settings in the menu at the top, and click on the Import settings button near the upper-right (below where it says "Backup and Restore Settings"). Navigate to the a2whitelist file and double-click on it to open it.

Please note that you may need to restart your computer after doing this.

Share this post


Link to post
Share on other sites

I performed the task you asked me to, however, something screwy is going on because when I opened the Security Overview, it shows that I am only partially protected because my software is out of date (see screenshot). That should not be because this computer has been on 24/7 and the updates should have run automatically as they are supposed to and normally do. Now it's either taking forever for these updates to run or the program is just stuck. I don't know which. 

 

On another note, I did go into the Protection/File Guard/Manage Whitelist and the Genie items are now showing (see screenshot).

 

I think I am just going to restart and see what happens because no way should it take this long to update, even if it was 5 days worth. I'll come back and edit after the restart.

 

P.S. I'm back after restart. It's still showing that I'm only partially protected and still running to update. If I try the uninstall and reinstall again, per the links you gave earlier in this post. Should I use the EAM cleaning utility to uninstall?

post-26590-0-52340800-1457431101_thumb.jpg
Download Image

post-26590-0-57445800-1457431202_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

The Behavior Blocker isn't checked in the whitelist for some of the files. Try importing this whitelist instead:

whitelist_file.zip

Does it just get stuck updating, and never finish? If so, then it's probably a TEMP file issue. Easiest fix is to do the following:

  • Hold down the Windows key on the keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  • Type in %TEMP% and click OK.
  • Find a folder named a2temp and delete it.
  • Restart your computer and see if the update process completes.
Please note that it may be necessary to start your computer in Safe Mode With Networking before trying the steps above. Here's a link to instructions on how to do that.

Share this post


Link to post
Share on other sites

I imported the second whitelist file you gave me and Behavior Blocker is now selected for all ... I think. See screenshot.

 

Emsisoft is still trying to update this morning and now says it's been six days since an update. I found the a2temp file and deleted it. Now I will restart and report back

 

Ok -- After restart Emsisoft is finally running like normal so it must have been that temp file you had me remove. 

 

Is it possible that Emsisoft and Malwarebytes are interfering with each other? Long ago the forums for each program gave me items to exclude from the other's scans and I never had any problem. But I've had to un- and reinstall both programs a number of times and perhaps those exclusions have been lost. I say this because I am also having some weird things happening with MBAM. 

 

Now I also need to address my laptop/Windows 7 with this Whitelist problem.

post-26590-0-25806700-1457527258_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

I just realized that one of the paths says the following:

C:\Users\(Your Username)\AppData\Roaming\Genie9
Where it says (Your Username) that should be replaced with your username, like the following (I found these three paths in your FRST log):

C:\Users\Test\AppData\Roaming\Genie9
C:\Users\Braeden\AppData\Roaming\Genie9
C:\Users\Administrator\AppData\Roaming\Genie9
The second one is probably the most important, although it looks like your user profile name is "Cindy" instead of "Braeden"? If so, then that means there may be a fourth one that isn't in the log (it only lists folders created/modified within the last 30 days).

Share this post


Link to post
Share on other sites

I created a "Test" account when I was checking out the administrative deal, but I could remove that now. 

 

There is my account, Cindy, and then a standard account called "Braeden" that I created for my grandson to play his games on.

I changed that item C:\Users\(Your Username)\AppData\Roaming\Genie9 to C:\Users\Cindy\AppData\Roaming\Genie9

 

Does this mean I need two sets of these entries -- one for each account (Cindy and Braeden)?

 

What about the issue of mbam and eam interfering with each other?

 

Please tell me what I need to do to set things right. 

Share this post


Link to post
Share on other sites

Does this mean I need two sets of these entries -- one for each account (Cindy and Braeden)?

It's more than likely a folder to save configuration information, so you'd only need it if you use the "Genie9" software in that user profile.

What about the issue of mbam and eam interfering with each other?

I'd recommend adding the Emsisoft Anti-Malware folder to the exclusions in MBAM. Malwarebytes should have instructions on how to add an exclusion at this link. Your computer will need to be restarted after doing this.

If you would also like to add MBAM to the exclusions in EAM, then add the following folder:

  • C:\Program Files\Malwarebytes Anti-Malware
And you can add the following files as Process exclusions:
  • C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
Once again, the computer will need to be restarted after adding these exclusions. Exclusions can't fully apply to a program until that program is completely shut down, so when adding exclusions for security software like this it is best to restart the computer afterwards.

Share this post


Link to post
Share on other sites

post-26590-0-59050200-1457728139_thumb.jpg
Download ImageI don't know what's going on with this program. I added the mbam items (see #1) and clicked OK, and when I re-opened the Whitelist there was only one mbam item there -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

and it had switched from Process back to File and the three boxes were unchecked. 

 

i tried to start over and do it again and this time when I opened it up see #2. On the third try one of my Genie process items had also disappeared.

 

Having said all this, is there any possibility my mouse could be causing the problem? I just had a terrible time trying to add these screenshots, and I would say that the problem seemed to be coming from the mouse action somehow. I noticed something on my web email. When I click on an email that I just want to delete (not open), it will open instead of allowing me to just click and Delete. I'm going to the Windows forum to check on this.

 

P.S.

I tried adding the items again and then just clicking on OK and restarting, thinking maybe the changes would be retained if I did that. It didn't work. I also tried a different mouse and while it's true that this mouse isn't working right, that apparently wasn't the problem either. I don't know enough about any of this to figure anything out so will wait to hear from you again.

 

I did add C:\Program Files\Emsisoft Anti-Malware folder to mbam exclusions, without problem. 

post-26590-0-37178800-1457728154_thumb.jpg
Download Image

post-26590-0-66635600-1457728321_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

On Windows Vista it is normal for only one of the new entries to remain in the whitelist when you close it, however I'm not sure what could be causing it to uncheck all of the Guards like that. Shall we try another whitelist import (updated with the MBAM entries)?

whitelist_file.zip

As with adding them manually, the computer will need to be restarted after doing this.

Share this post


Link to post
Share on other sites

This is what it looks like now that I've again imported your Whitelist.

 

However, it still concerns me that the program apparently is not working correctly -- not on this Vista machine and not on my Windows 7 laptop either. 

 

Now we still have to deal with my laptop. I'll get on that, follow this post through and then post back here, unless you want me to start a new topic???

post-26590-0-89359600-1457797078_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Now we still have to deal with my laptop. I'll get on that, follow this post through and then post back here, unless you want me to start a new topic???

You can keep it in this topic if you would like.

You can try importing the latest whitelist file on your Windows 7 computer, however please note that the paths may be different since it is a different computer, so I may have to tweak it again for you.

As for the issue with things not working, have we tried a fresh install on the Windows 7 computer?

Share this post


Link to post
Share on other sites

I guess we are not done with this Vista computer after all. I hadn't been on all day today and when I came to the computer, mbam is telling me it's out of date and yet it keeps searching for updates and nothing happens. In addition, Emsisoft is doing the same thing it was before. It also is running, running and nothing is happening and my security center is giving me an alert. 

 

I went back in the instructions you gave me before and again found and deleted that a2temp file and now I am going to restart.

 

I forgot to mention that it was showing that Emsisoft had not been updated for 7 days. That is not true because I've been on the computer every day and got that box that pops up to tell you an update has been downloaded and installed. It also shows that the next scan is scheduled for March 11th, and today is March 18th. I have no idea what is going on but this program isn't working right and now mbam is doing the same thing.

post-26590-0-62876000-1458352980_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

I guess we are not done with this Vista computer after all. I hadn't been on all day today and when I came to the computer, mbam is telling me it's out of date and yet it keeps searching for updates and nothing happens. In addition, Emsisoft is doing the same thing it was before. It also is running, running and nothing is happening and my security center is giving me an alert.

Once upon a time, bother MBAM and EAM used WinINet to check for an download updates over HTTP. I'm not sure if MBAM 2.x still does (they could be using cURL now), but EAM does still use WinINet. Just for reference, WinINet is the same API that Internet Explorer uses to load webpages and files over HTTP, so if Internet Explorer is working then so should EAM's update process.

There are other things that can interfere with the update process, such as problems with the TEMP folders. Try the following, and let me know if that helps:

  • Hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  • Type %TEMP% into the field, and click the OK button.
  • A window should open showing you your TEMP files.
  • Look for a folder named a2temp, and if you find it then delete it.
  • Restart your computer.
Please note that you may need to restart your computer in Safe Mode With Networking if you have trouble deleting the a2temp folder. Here's a link to instructions on how to do that.

Share this post


Link to post
Share on other sites

You had already told me about the a2 temp folder and that worked for me the first time I tried it. But I tried it last night, restarted and it didn't work this time. Right now I have two security programs that are not functioning -- both MBAM and EAM. 

 

The only thing I can think of is to try un- and reinstalling again and this time I think I will use that Emsiclean this time. I think I will uninstall mbam also, then restart and reinstall firsts EAM -- restart -- and then reinstall MBAM -- restart.

 

P.S. I decided to start with MBAM and after I got that uninstalled and then reinstalled, Emsisoft started working. I guess I will wait and see if things remain stable and if they don't, then I will go for another un- and reinstall of Emsisoft. If I should not use the Emsiclean please advise because at this point if I do have to uninstall Emsisoft it would be my plan to use that.

Share this post


Link to post
Share on other sites

Its weird that both programs can't update, I run both and have no problems so i don't think its a conflict.

I see you responded on the MBAM forum too. Thanks. As you can see, so far so good. I don't know what got things off because I've been using both programs for quite a long time and never had a problem. 

Share this post


Link to post
Share on other sites

You can keep it in this topic if you would like.

You can try importing the latest whitelist file on your Windows 7 computer, however please note that the paths may be different since it is a different computer, so I may have to tweak it again for you.

As for the issue with things not working, have we tried a fresh install on the Windows 7 computer?

I think I am going to just leave my Windows 7 computer alone because both EAM and MBAM are working fine there and I don't want to rock the boat. EAM is working good since I reinstalled MBAM so I didn't need to reinstall that. 

 

Thanks much for your help and patience!! :)

Share this post


Link to post
Share on other sites

P.S. I decided to start with MBAM and after I got that uninstalled and then reinstalled, Emsisoft started working. I guess I will wait and see if things remain stable and if they don't, then I will go for another un- and reinstall of Emsisoft. If I should not use the Emsiclean please advise because at this point if I do have to uninstall Emsisoft it would be my plan to use that.

It may have been an issue with the WFP driver that MBAM uses. It could have also been an issue with their software that caused it to start mistakenly blocking the EdgeCast CDN, which both Malwarebytes and us use to handle downloads, although this is less likely as the IP addresses are different. When I checked with nslookup, these were the addresses I got:

dl.emsisoft.com - 72.21.81.253
download.malwarebytes.org - 93.184.216.111
I have a feeling that for download.malwarebytes.org the address will vary more than it will for dl.emsisoft.com as well. For dl.emsisoft.com I've noticed that the address appears to be 72.21.81.253 regardless of where in the United States or Canada I check even though traceroute clearly shows servers in different locations (I think it's called anycast where multiple servers have the same IP address), whereas the way Malwarebytes has it set up the IP address can be different in every major city in the United States.

I know that might be a bit too much technical information, however I figured that even if you don't need that information there might be someone else who does. ;)

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.