
Program can't be excluded



We recently started installing the managed business version of Emsisoft on client company computers and have run into a wall with one bit of software running on a single computer. I isolated that computer to its own group and started testing exclusions. First I tried excluding the executable. Still blocked. Next I added the folders it runs out of and stores data in [the folder IN program files, programdata, and appdata]. Still blocked. Then I tried excluding ALL of the user directory, both program files folders, and programdata. Still nothing. For the sake of being thorough I then excluded the entire C: and the program still won't run.
What DOES work however is just turning off the file guard. 
Preferably I'd like to make an exclusion that works but if that's not possible I'd like to know how to stop the management console from complaining about the file guard being off on just that computer. That specific computer's ONLY purpose is that software and alternate methods can be used to better secure it if needed.

It's also worth noting this software runs independent of network resources [can run without being attached to any network] so there's no need to exclude things like net drives or shared resources. 


I'm just a user, not an Emsisoft employee, and I have never used the Business version of EAM so if it's significantly different then what I write may be irrelevant.

 

It's not entirely clear from what you write whether the "one bit of software running on a single computer" is only installed on one computer, or is installed on more but only causing a problem in one instance.

Is the software concerned something that only you (or your business clients) have, or can anyone install it?   Does it do anything security-related?

Does the machine with this problem have any other security software installed?

What Scan Level do you have File Guard set to (Default, Thorough or Paranoid)?

When the program is blocked, does it start and then fail to do something, or does it not start at all?  Is it, for example, unpacking other programs or resource files and those are the things that are causing the detection, but - say - they're not placed in any of the folders you're excluding?   Edited later:  Files placed in TEMP quite often cause this sort of problem, and if they have random names that can make excluding just the right ones tricky too (since one is unlikely to be willing to risk excluding the whole of TEMP).   I realise that excluding the whole of C:\ probably suggests that unpacking to somewhere isn't the issue ... unless the machine concerned has other disks?  Or, is there any possibility that the software concerned implements a RAM disk or some kind of virtual file system for its own use?  On that sort of topic, is the software running in a VM?

Have you asked whoever supplied this program whether there are any known problems making it work with anti-malware software (from any/other vendors)?

Is EAM giving you a specific reason for the block, e.g. that it thinks the program (or e.g. some process it attempts to start) has a specific problem?   Do any files get quarantined when the block occurs?

I suppose it's possible that whatever it is detecting might be a false positive, and if the detection signatures get updated the problem will go away.
