fxdwg

new user, trial license, want to buy, but having issues

Recommended Posts

so I have downloaded the console and installed on it on windows 2008 r2 server. have deployed EAM to approx. 30 machines.

 

my issue is our accounting package, Business Works, is getting blocked by behavior blocker. I have entered the following exclusions for both "excluse from scanning" and "excluse from monitoring" and the client gets the policy, I see the exclusions listed on the local client EAM... but the user still gets the pop up and responds with "wait, this app is ok"

Business Works uses a ton of different "task#####.exe" to run multiple programs hence the \tasks\*.exe exclusion shown below.

here are my exclusions, are UNC paths not supported? (I even created application rules, and marked as trusted, EAM still triggers a behavior block)

\\myservername\BWGold\BWProg\Tasks\*.exe

\\myservername\BWGold\BWProg\*.exe

 

also is there a way to exclude from a certain directory and include all subdirectories? e.g. \\myservername\BWGOLD\BWPROG\*.exe and include all subdirectories below that level?

EEC ver. 2018.3.0.3338, 26 clients, trial mode.

EAM Version, 2018.3.0.8555 running on windows 7 64 bit os

 

any help is MUCH appreciated.

 

Share this post


Link to post
Share on other sites

hi fxdwg, welcome.

Let me try to explain some basics:

- it makes no sense to add files to 'Exclude from scanning' when they are blocked by the Behavior Blocker. Such exclusions are valid for signature based detections (File Guard and Scanner) only.

- UNC paths are supported.

- Folder exclusions always require a trailing slash i.e. c:\temp\

Could you please try to switch a client to the beta update feed in EAM: Settings/Updates:  Update Settings. perform and update and try if the accounting app still is blocked.
if so, pls add a folder exclusion: \\myservername\BWGold\BWProg\
in 'Monitoring exclusions'  and try again.

Thanks



 

 

 

 

Share this post


Link to post
Share on other sites

ok, I did some more testing... (and tried the beta update stream as well) and it behaved the same way.

I did check and I am using monitor exclusions...

so I ran the program logged in as myself to see the actual EAM block dialog. (I had been going just by the log files from the console server.)

emsisoft sees the path as this \\myserver.mydomain.local\BWGold\ however I was EXCLUDING \\myserver\BWGold\ ... and EAM doesn't realize those are the same locations. not sure if that is a bug, or by design. but it would be nice in the console logs or emails, it would give the full path and filename. I would have been able to figure this out several days ago.

I do appreciate the help! and the explanation of not needing to put this exclusion in the SCAN.

Share this post


Link to post
Share on other sites

Hello fxdwg!

If you can, would you also send the file listed below from one of the computers having the accounting issues to [email protected] and mention my name? I'd like to check the detections over and see if there's something long term that can be done, but I'm guessing short of the monitoring exclusion that Frank walked you through, anything we'd do to whitelist that application would be a temporary band-aid until its next update.

C:\Program Files\Emsisoft Anti-Malware\Logs\Logs.db3

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.