Scan Exclusions are not persistent

Products ITarian Endpoint Manager
1

When adding scan exclusions on the client (Virusscan and Containment) these setting are not persistent. I don’t even think they are effective at all.

2

Hello @datatainment ,

Thank you for sending us the video.
Please note that since we have comodo client communication installed on our endpoint, any changes should be perform on our portal as it will still follow the configuration
you have set on the cloud going to your endpoints.
https://help.comodo.com/topic-399-1-786-10202-Antivirus-Settings.html#custom_scans

If you want to exclude a trusted application out of containment, we recommend to whitelist it by path.

The best way of doing Whitelisting by PATH would be through the use of File Groups:
https://help.comodo.com/topic-399-1-786-10158-Creating-and-Managing-File-Groups.html

What you would need to do:

  1. Clone a Predefined Hardened Profile and edit it (or use an existing one)
  2. Go to Settings > System Templates > File Groups Variables > Create a new file group, give it a name. Scroll to it, expand (click the+) in the field “New File Group Path” you can include the app in question
  3. You can now enter all the areas, files and extensions, that you want to whitelist. You can use wildcards:
    ?:\ - this substitutes any disk drives
    \filename.extension - This substitutes any folder path. It will be interpreted as all instances of “file.exe” regardless of the path.
    *\ - This substitutes a portion in a file name path that may change depending on the username for example C:\Users*\Roaming\Microsoft\Windows
    C:\random     - Will match any files in folders with names starting with “random”, for example: C:\randomname, C\randomfolder, C:\randomsometing etc.
    . - Will match all files in the current directory, but none in sub-directories, for example: C: est*.*
    C:\random* - Will match all files in the current directory and sub-directories, for example: C: est*
    %appdata% , %programdata%, %windir% are also accepted.
  4. When you are done, you should add the exceptions in all the modules.
    Access the Profile applied on the machine (Configuration Templates > Profiles > Click the one in question) then go through each module:
    Containment:
    Rules > Add Rule > Action:Ignore, Type: File groups, Target: Select the previously created one > Ok.
    Settings > Do not Virtualize access to the specified files/folders > Exclusions > Exclusion groups > Add > File Groups > Select the previously created one.

Please tell us if this is something that can help you otherwise we need to further investigate the case.

KRegards,

3

Thanks for your explanation. I think it works now.
Are the excluded Paths handled recursive or do I need to add all folders?

4

Hello @datatainment,

No need, once you add the root folder all of its sub-folders including files within that folder would be whitelisted too.

Regards,