fldevs

Exclusions

9 posts in this topic

So I went through the exclusions KB Microsoft and added the folders the rules and checked "include subfolders". It did specify certain files and file types but I can't figure out how to add these into the policy. HELP!

Share this post


Link to post
Share on other sites
So I went through the exclusions KB Microsoft and added the folders the rules and checked "include subfolders". It did specify certain files and file types but I can't figure out how to add these into the policy. HELP!

 

Heya,

 

You need to be on Kaspersky Security Center 9 console, then open up a policy, go to General Protection Settings and in the right side click Settings... under Exclusions and trusted zones part. And there you go, you can add exclusions there.

 

Hope this helps.

Share this post


Link to post
Share on other sites
Heya,

 

You need to be on Kaspersky Security Center 9 console, then open up a policy, go to General Protection Settings and in the right side click Settings... under Exclusions and trusted zones part. And there you go, you can add exclusions there.

 

Hope this helps.

 

Correct and that's what I did ('%winDir%\SoftwareDistribution\Datastore\Logs' for example) but can't figure out how to specify the file types/specific files (Res*.log, Edb*.jrs, Edb.chk,Tmp.edb for the previous rule specifiec). I only see the option to exclude the entire folder and the option to exclude subfolders.

Share this post


Link to post
Share on other sites

You just type the file type instead of browsing (*.mdf or *.ldf) and that should do the trick.

 

Share this post


Link to post
Share on other sites
You just type the file type instead of browsing (*.mdf or *.ldf) and that should do the trick.

 

1) Can the files or file type be added after the folder address?

2) Can multiple files or types be added after the folder address or must there be a rule for each?

Share this post


Link to post
Share on other sites
1) Can the files or file type be added after the folder address?

2) Can multiple files or types be added after the folder address or must there be a rule for each?

 

1) Yes it can be. for example (%systemroot%\System32\CatRoot2\tmp.edb).

2) Hmm, you can exclude multipe files of the same type or of the same name. for example (%ProgramFiles%\Microsoft SQL Server\MSSQL\data\*.ndf) this will exclude all the .ndf files in that folder.

 

I hope any of this help....

Share this post


Link to post
Share on other sites
So I went through the exclusions KB Microsoft and added the folders the rules and checked "include subfolders". It did specify certain files and file types but I can't figure out how to add these into the policy. HELP!

You can choose to accept MS recommendations and Kaspersky recommendations to be automatically set up in the trsuted zone - Exclusion list, but a Word of Warning...

 

some of those inclusions are not correct! I've been going over and compiling a list of our Exchange and SQL servers (several versions in use, which will later be upgraded t the latest version, but unitl then I have to make sure I cover all the versions), and besides our customizations whihc placed the db files, log files, and trace files, etc. on different (but standard) drives/disks, the executables and other files are installed at the default locations, and the pahs differ slightly from version to version of each product. While a lot of the exlusions compiled by Kaspersky for automatic selection are correct, it is by no means 100% correct. For example, Exchange Server uses version no in the path, such as Program Files\ Exchange Server\v14\..... and usually you can use %ExchangeInstallPath% as the environment variable in place of "%ProgramFiles%\Exchange Server\v14\" whereas Kaspersky lists the some of the exclusions with only "%ProgramFiles%Exchange Server\"

 

So be careful if you have different versions of a product in use on different machines!

Share this post


Link to post
Share on other sites

Kaspersky exclusions include pretty much all MS products and their default installation path, so they aren't very useful if you apply them directly. Better use them as a draft and add them manually to corresponding server policies.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now