How to get Client Security to stop editing exclusions list?

I had to leave two other antivirus products due to false positives with Sage 300 ERP. I switched to Comodo, and sadly, it also quarantines 3 files from Sage 300 ERP accounting suite as viruses when they are not. They were different files than the other programs flagged as infected.

I found the Comodo Client - Security already has 3 entries in it’s exclusion list as a default: Recycle bin, C:\Program Files\COMODO\COMODO Internet Security, and %WINDIR%\Prefetch*.pf. I added C:\Sage300* and F:*, the latter being a USB key that held backup files. I could close the Comodo Security client, and reopen it and my entries were still there, even after a reboot. So far so good.

I then transferred files from F:\Program\Runtime to C:\Sage300\Runtime, and I get a message from Windows saying that F:\Program\Runtime\a4wrsvr.exe is missing. I check Comodo’s quarantine, and sure enough, a4wrsvr.exe has been quarantined! I check the exclusion list, and the entries I made are now gone, with only the 3 original defaults there! (Recycle bin, C:\Program Files\COMODO\COMODO Internet Security, and %WINDIR%\Prefetch*.pf).

I put my entries back in (C:\Sage300* and F:*) and updated the Security Client from version 10.3.0.6601 to version 10.4.0.6695, then checked the exclusion list again, and my entries had again been removed!!

The only way I can manage to keep Sage 300 running is to remove the Comodo Security Client completely, but running without virus protection in a corporate environment is beyond foolish.

As another bit of info, I am 100% certain that Sage 300 is clean. As with the previous antivirus programs, I can send the file that gets quarantined in to virustotal.com, and it gets flagged by Comodo as “Unclassified Malware” while 61 others deem it safe.

My big question is how can I get Comodo to stop “self-editing” my exclusion list, and leave Sage 300 ERP alone for good, and have the faith that it’s going to keep leaving it alone for the future??

Hello @gregs_electronics
We do believe you with your assessment of the Sage 300 being a clean (and legitimate application). The advise that we will have to share with you concerning file/folder exclusions is to perform these actions on the associated profile and NOT on the client-side CCS (Comodo Client Security). The changes you made on the client-side are being ‘overruled’ by the settings on the associated profile. Feel free to check the following wiki guides:

How to define exclusions for files and folders

How to White List files based on File group

Aside from file/folder exclusion, you can also try the file trust ratings to manually trust an ‘unknown’ file (at your discretion).

Just in case, feel free to check the help guide on managing Profiles so that you can properly manage your endpoints…

Are you adding the exclusions directly on the endpoint ?? If so then by default ITSM will remove these and re apply the profile. You must make these changes in the profile. OR you can select the setting that allows the user to overwrite the settings. But I recommend you keep all changes in the profile.