I've found it best to wildcard the executable path or use the MD5 hash. This is just an example; your executable will be named differently.
I also found it necessary to disable Exploit Prevention on some systems via a separate policy.
Seems odd. You're speaking of ExP here.
Usually adding an exclusion there is because you're getting Exploit Prevention signature threat events.
Can you clarify that you DID NOT also inadvertently add that process to the Application Protection Rules list as a monitored process?
I'm not sure of this backup application 'avamar EMC,' but most backup applications have a Virus Scan/check function (fairly generic, not necessarily specific to any AV product) which invokes a read scan on each file backed up. Is it possible this is causing your performance issue? Check this backup software's settings and see if you can disable the AV check functions and report back any differences in performance.
It has been my experience that McAfee Enterprise AV solutions do not need this extra scan from the backup software, as the default/recommended configuration does a scan on read. Adding another scan instituted by the backup software is redundant and sometimes causes deadlocks, which in turn cause severe delays within the backup software.
I'm not sure if Exploit Prevention is detecting the deadlock as a possible exploit, and until the deadlock is released (and not considered an exploit), the backup software has to wait. It may be worth a try, changing the backup software settings as a test.
If the performance does improve without 'Exclusions', this would be a preferred approach.
Let us know your results.
Hi, this issue is finally resolved. The solution for this bug is ENS Threat Prevent 10.5.2 with Hotfix3 and the last agent 126.96.36.199.
Thank you very much for your feedback, guys.