new user, trial license, want to buy, but having issues

Recommended Posts

so I have downloaded the console and installed on it on windows 2008 r2 server. have deployed EAM to approx. 30 machines.


my issue is our accounting package, Business Works, is getting blocked by behavior blocker. I have entered the following exclusions for both "excluse from scanning" and "excluse from monitoring" and the client gets the policy, I see the exclusions listed on the local client EAM... but the user still gets the pop up and responds with "wait, this app is ok"

Business Works uses a ton of different "task#####.exe" to run multiple programs hence the \tasks\*.exe exclusion shown below.

here are my exclusions, are UNC paths not supported? (I even created application rules, and marked as trusted, EAM still triggers a behavior block)




also is there a way to exclude from a certain directory and include all subdirectories? e.g. \\myservername\BWGOLD\BWPROG\*.exe and include all subdirectories below that level?

EEC ver. 2018.3.0.3338, 26 clients, trial mode.

EAM Version, 2018.3.0.8555 running on windows 7 64 bit os


any help is MUCH appreciated.


Share this post

Link to post
Share on other sites

hi fxdwg, welcome.

Let me try to explain some basics:

- it makes no sense to add files to 'Exclude from scanning' when they are blocked by the Behavior Blocker. Such exclusions are valid for signature based detections (File Guard and Scanner) only.

- UNC paths are supported.

- Folder exclusions always require a trailing slash i.e. c:\temp\

Could you please try to switch a client to the beta update feed in EAM: Settings/Updates:  Update Settings. perform and update and try if the accounting app still is blocked.
if so, pls add a folder exclusion: \\myservername\BWGold\BWProg\
in 'Monitoring exclusions'  and try again.






Share this post

Link to post
Share on other sites

ok, I did some more testing... (and tried the beta update stream as well) and it behaved the same way.

I did check and I am using monitor exclusions...

so I ran the program logged in as myself to see the actual EAM block dialog. (I had been going just by the log files from the console server.)

emsisoft sees the path as this \\myserver.mydomain.local\BWGold\ however I was EXCLUDING \\myserver\BWGold\ ... and EAM doesn't realize those are the same locations. not sure if that is a bug, or by design. but it would be nice in the console logs or emails, it would give the full path and filename. I would have been able to figure this out several days ago.

I do appreciate the help! and the explanation of not needing to put this exclusion in the SCAN.

Share this post

Link to post
Share on other sites

Hello fxdwg!

If you can, would you also send the file listed below from one of the computers having the accounting issues to [email protected] and mention my name? I'd like to check the detections over and see if there's something long term that can be done, but I'm guessing short of the monitoring exclusion that Frank walked you through, anything we'd do to whitelist that application would be a temporary band-aid until its next update.

C:\Program Files\Emsisoft Anti-Malware\Logs\Logs.db3

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.