On my monthly scan I have picked up a few more detections than I would have liked, so I want to run a weekly scan on just the following two folders (one XP, one Win7):
c:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache\
I tried changing username to a star (*), but it then appears to ignore everything after that and scan the entire C:\users\ and C:/documents and settings/, which for a daily/weekly task is too noticeable for end users.
Does anybody know how to properly format these two folders? Or is this not possible?
I concur this would be a great capability to have, and it seems that this file specification capability is absent.
Also annoyingly absent is the ability to appropriately wildcard access protection rule exceptions such as "let iexplore fork this specific wildcard of executables for an installer" or "let explorer.exe fork this subset of things", because as it is now, at least in 8.7, you can't specify anything in arguments to the root executable that forks the process of interest.
If you require more granularity for defining scan targets, a PER should be filed. (KB60021)
\documents and settings => will scan everything in c:\documents and settings, all user folders and their subfolders (if box for subfolders is ticked, which is by default)
\documents and settings\**\application data => will not scan only the application data folder in the respective user directories; will scan everything in \documents and settings including subfolders; wildcards are ignored
Selecting a drive via wildcard cannot be done. For example:
**\documents and settings\** => will not scan on every drive in every subfolder a folder called “documents and settings” and all its subfolders, the first ** does not work (that’s on purpose) and the second ** is redundant as every subfolder is scanned anyway (if box is ticked, which is by default).
Wildcards like * cannot currently be used for specification of scan targets.
What you might want to consider is to scan "\documents and settings" and specify in scan items only specific files (specified file type), .class for example.
Hey Sbendex, yes, that's what I was looking into, although unfortunately many of the detections have no file extension, so this would still only be 50% better off than not scanning.
I'll log an idea and PER request for this; seemed like an easy request to do from my security team, but obviously not!
Have you played with the system utilisation in the performance tab?
Setting it to low would minimize the impact on users, but you will still have the whole user directory or docs and settings to scan, which might take some time depending on the size.
=> KB55145 - ODS system resource utilisation, if you haven't had a peek yet