cancel
Showing results for 
Search instead for 
Did you mean: 

Can not make VSE Anti-Spy MaxProtect:execute temp folder exclusion for Kingston Datatraveler launcher

Maybe I'm missing something in the syntax for my exclusion.

Threat Name: Anti-spyware Maximum ProtectionSmiley Tonguerevent all programs from running files from the Temp folder

Threat Source Process Name: G:\DTLPLUS_LAUNCHER.EXE

Threat Target File Path: C:\Users\testuser\AppData\Local\Temp\DTLocker+-G\DTLplus_Launcher.exe

In the policy I have trimmed it for troubleshooting.

Processes to include: *

Processes to exclude: *.exe

I have tried the filename, upper/lower/mixed case, filename with path, and combinations of wildcards, but I get the feeling it may be related to the plus and minus sign in the path.

Turning off blocking for this policy allows it to work, but I would prefer to have it as an exclusion.

I am running ePO 5.0.1 (228), Agent 4.8.0.1938, VSE 8.8.0.1385

Although I have Gold Support (or whatever Intel calls it now)  I was told they would not escalate due to my ePO version.

Any help or second set of eyes would be appreciated, especially if I'm overlooking something obvious.  I have looked through the online documentation and community but could not find anything specific for this.

Thank you kindly.

1 Reply
wwarren
Level 15
Report Inappropriate Content
Message 2 of 2

Re: Can not make VSE Anti-Spy MaxProtect:execute temp folder exclusion for Kingston Datatraveler launcher

You'll want to have a gander at the VSE 8.8 Patch 5 known issues KB article.

VSE 8.8.0.1385 == VSE 8.8 Patch 5

The known issues article describes the problem, but a specific article also exists: KB84900.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee