NiThR0

Monitoring exclusions

Recommended Posts

Monitoring exclusions rule like a

<DISK>:\<SOME FOLDER>\*.<SOME EXTENSION>

doesnt work.

EXAMPLE:

D:\MY_FILES\*.exe

 

EAM version: 2018.10.1.9026

Share this post


Link to post
Share on other sites

I just tested this with the batch file in the ZIP archive at the following link:
https://www.gt500.org/emsisoft/bb_test.zip

The exclusion for monitoring worked as expected, allowing the batch file to run without reaction from Emsisoft Anti-Malware. I even tried it a second time with your example path (D:\MY_FILES\*.bat).

Are you putting the exclusion in the top list, or the bottom list?

Share this post


Link to post
Share on other sites

What version of Windows? 32-bit or 64-bit?

Here's how to check if Windows is 32-bit or 64-bit:

  • Hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap R to open the run dialog.
  • Type control system into the field, and click the OK button.
  • Roughly in the middle, below where it says System, look to the right of System type to see if it says 32-bit Operating System or 64-bit Operating System.

Share this post


Link to post
Share on other sites

Could you export your logs, and attach them to a reply for me to review? Here's how to do that:

  1. Open Emsisoft Anti-Malware.
  2. Click on Logs.
  3. Make sure that the search field is empty (it should only say Search in it).
  4. Click on the button to the right of the search field, and make sure that the option named Select all is turned on under Components.
  5. Click on the Export button in the lower-left, and save the log somewhere easy to find.
  6. Attach the log file you saved to a reply.

Share this post


Link to post
Share on other sites

The only file in D:\MY_FILES that I am seeing in the log is bb_test.bat. I am seeing a ZIP archive containing malware that is detected by the File Guard, however note that Monitoring exclusions don't effect the File Guard. Monitoring exclusions only apply to the Behavior Blocker, and not to the scanning engines that are used by the File Guard for real-time protection.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.