1 Reply Latest reply: May 2, 2014 7:37 PM by rmetzger RSS

    Exclusions not working?

    andybaran

      I've setup exclusions in the Anti-virus Standard Protection:Prevent WindowsProcess spoofing policy for the MalwareBytes chameleon exe's that look like the following but are not working:

       

      C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\firefox.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\iexplore.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\rundll32.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\svchost.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\winlogon.exe

       

       

      Do I need to be putting quotation marks or something around those exclusions since they have special characters and spaces in the path?

       

      Any help is greatly appreciated! Thanks!

        • 1. Re: Exclusions not working?
          rmetzger

          Hi Andy,

          andybaran wrote:

           

          C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\firefox.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\iexplore.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\rundll32.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\svchost.exe, C:\Program Files (x86)\malwarebytes' anti-malware\chameleon\winlogon.exe

          Do I need to be putting quotation marks or something around those exclusions since they have special characters and spaces in the path?

          No, Don't include quotation marks, there implied. Adding them would break things.

           

          I have never needed to put exclusions in for MBAM. However, the new version of MBAM (v2.x) changed the directory structure slightly.

          C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon

          Note the missing ' character.

           

          A quick review of VSE v8.x Exclusions:

          https://kc.mcafee.com/corporate/index?page=content&id=KB50998

           

          states that you may be able to use ** in place of Program Files (x86), which would look something like this:

           

          C:\**\Malwarebytes Anti-Malware\Chameleon\iexplore.exe, etc.

           

          This would open up an exclusion for any directory (or directory levels) below C:\ and containing \Malwarebytes Anti-Malware\Chameleon for the files you would list.

           

          You could even try something like this:

           

          **\Chameleon\iexplore.exe

           

          This would exclude any directory on any drive that has \Chameleon\ and the files listed (in the example above iexplore.exe).

           

          What problem are you encountering that requires exclusions for the Chameleon files? I would be Very cautious of excluding anything unless it is absolutely necessary.

           

          Hope this is helpful. Post back with any questions.

           

          Ron Metzger