Tybilly

Exclusion rules are not applied


Hello,

 

KES10 SP1 Beta3 is installed on a computer running MS Windows 8.1 Enterprise x64.

Some trojans are detected in an archive and I'm trying to exclude them so that they're not detected anymore.

Therefore I created an exclusion rule for the folder where this archive is located, applying to any protection components:

post-1491-1419606345_thumb.png

 

However, when running a manual scan on this archive, files are still detected:

post-1491-1419606432_thumb.png

 

Find the GSI report of the affected computer in attachment:

GetSystemInfo_DB_M4700_Damien_2014_12_26_15_42_54.zip

 

Thank you.


Hi,

 

Could you please clarify: what about a full scan? Is it detected then, or only when you select the folder manually?

 

Thank You!


Hi,

 


The detection also occurs during a full scan.

It is an archive and it is not scanned by the File Antivirus by default, so no detection when I select it manually.

 

Hello,

I suppose the archive format is TAR?

Is malware detectable when it's extracted from this archive?

Thanks.


Hello,


 

It is a .tar.gz archive.

Malware is not detected when it is extracted from this archive, thanks to the exclusion rule created in the first place.

post-1491-1420284406_thumb.png

 

We can conclude that the rule works for files and folders but not for archives.

Is this related to the archive format?

 

Thank you.


Hi,

 

I think the behavior should be the same with other formats. Please try to zip it and check the behavior.

 

Thank You!


Hi,

 


Yes, the same behavior with a ZIP archive.

It looks like a bug; files shouldn't be detected, whatever their format is, as long as an exclusion rule is configured for the folder in which those files are stored.

 

Thank you.

 

Hello,

Could you provide us with the KES policy, an export of the full scan task and the report after a full scan?

Thanks.


Hello,

 


I can only reproduce the problem when selecting the archive and choosing the "Scan for viruses" option.

Therefore I can't send you an export of the task, because it is a local "Virus scan" task.

Still, I can provide you with the KES policy and the report after the scan; would that be sufficient for you?

 

Thank you.

 
