7 Replies Latest reply on May 26, 2015 3:46 AM by c14us

    Exclude some directories from scanning

    susja


      Hello,

      I'm using VirusScan Enterprise 8.8.

      I'm using command line of it and I start it by running batch file. Now I need to exclude 2 directories from scan because they have encrypted files and it breaks my parser.

      I'm using this line and it works for me:

      scan32.exe" /Task {ED73BEB7-1E8F-45AC-ABBC-A749AF6E2710}  %* /ANALYZE   /MANY /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /STREAMS /UNZIP /THREADS=4 /TIMEOUT=15 /APPEND  /AUTOEXIT

      I have to exclude these 2 directories:

      d:\Tecan Installation Files\*  and c:\Windows\SoftwareDistribution\Download\*

      I changed my line to this:

      scan32.exe" /Task {ED73BEB7-1E8F-45AC-ABBC-A749AF6E2710}  %* /ANALYZE /EXCLUDE d:\Tecan Installation Files\* c:\Windows\SoftwareDistribution\Download\*  /MANY /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /STREAMS /UNZIP /THREADS=4 /TIMEOUT=15 /APPEND  /AUTOEXIT

      My question:

      Should it work? Is my syntax correct to provide the path to directory using option /EXCLUDE ?

      Thanks in advance

        • 1. Re: Exclude some directories from scanning
          susja

          Well ... I just tried and it did not work i.e. it still scanned those directories

          Is my syntax wrong?

          Any suggestion?

          Thanks

          • 2. Re: Exclude some directories from scanning
            susja

            Again ... I put those 2 directories I have to exclude into text file and provided this option:

            scan32.exe ..... /EXCLUDE C:\McAfee\Exclude.txt ...

            But it didn't work again.

            Any ideas?

            • 3. Re: Exclude some directories from scanning
              rmetzger

              susja wrote:

               

              Again ... I put those 2 directories I have to exclude into text file and provided this option:

              scan32.exe ..... /EXCLUDE C:\McAfee\Exclude.txt ...

              But it didn't work again.

              Any ideas?

              Try:

              scan32.exe ..... /EXCLUDE=C:\McAfee\Exclude.txt ...

               

              Then, inside Exclude.txt

              d:\Tecan Installation Files\

              c:\Windows\SoftwareDistribution\Download\

               

              or possibly:

              d:\Tecan Installation Files\**

              c:\Windows\SoftwareDistribution\Download\**

               

              Let us know how this works (and which one works).

              Ron Metzger

              • 4. Re: Exclude some directories from scanning
                rmetzger

                susja wrote:

                 

                I'm using this line and it works for me:

                scan32.exe" /Task {ED73BEB7-1E8F-45AC-ABBC-A749AF6E2710}  %* /ANALYZE   /MANY /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /STREAMS /UNZIP /THREADS=4 /TIMEOUT=15 /APPEND  /AUTOEXIT

                I have to exclude these 2 directories:

                d:\Tecan Installation Files\*  and c:\Windows\SoftwareDistribution\Download\*

                 

                Alternatively, you will need to define the exclusions in the actual job.

                 

                Step 1) Look up in the registry

                     [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks\{ED73BEB7-1E8F-45AC -ABBC-A749AF6E2710}]

                     "szTaskName"="On-Demand Scan"

                The name (On-Demand Scan) will vary depending on your unique system.  This identifies which job to modify in step 2.

                 

                Step 2) Open the VirusScan Console

                     Add the exclusions to "On-Demand Scan" (or the named job you found based on {ED73BEB7-1E8F-45AC-ABBC-A749AF6E2710}] in step 1)

                 

                You will need to try and exclude:

                d:\Tecan Installation Files\

                c:\Windows\SoftwareDistribution\Download\

                 

                or possibly:

                d:\Tecan Installation Files\**

                c:\Windows\SoftwareDistribution\Download\**

                 

                Hope this is Helpful.

                Ron Metzger

                • 5. Re: Exclude some directories from scanning
                  c14us

                  Well I've never excluded other than via policies in ePO, and here there are an important diffenrce between files and folders. It could be the same for the command syntax, try it anyway

                   

                  Folders should end with a \

                  Files end with other symbols

                   

                  ex.

                  When you define c:\Windows\SoftwareDistribution\Download\* you exclude files. When you use c:\Windows\SoftwareDistribution\Download\ it's interpretiated as an folder.

                   

                  Regards

                  • 6. Re: Exclude some directories from scanning
                    susja

                    Thank you both for suggestion.

                    I don't run ePO hence I have to do it myself on each PC (but only once)

                    First I tried to use /EXCLUDE and it didn't work for me no matter for syntax I used. I'm using scan32.exe which comes with VS Enterprise. On other discussion someone mentioned that it's not 'formally' supported to run from command line. For that reason McAfee has another component to use. In my case I could not get it hence I'm using what I have. I'm using it and provide options like ... /ANALYZE   /MANY /ALL /CLEAN /DAM /NC /NOEXPIRE ... and it works for me.

                    That's why I'm not surprised that this /EXCLUDE option didn't work for me.

                    Using alternative suggestion and providing files I want to exclude in the VS console in Exclusion Tab worked for me. Thanks for that suggestion. I'm all set now.

                    Just for my curiousity: When I did full scan I noticed a few file that were not scanned because McAfee said they are encrypted. All those file I put in 'exclusion' list to avoid to see that messages BUT in general: why someone wants to exclude something? Isn't it better to scan everything that could be scanned?

                    Thanks

                    • 7. Re: Exclude some directories from scanning
                      c14us

                      Just for my curiousity: When I did full scan I noticed a few file that were not scanned because McAfee said they are encrypted. All those file I put in 'exclusion' list to avoid to see that messages BUT in general: why someone wants to exclude something? Isn't it better to scan everything that could be scanned?

                       

                      Yes. In the perfect world everything should be scanned. But VSE do have to get it's hand on all files by a layered technic, and will cause some interference and slowdown, no matter what design you'll make. So to keep stability and performance of OS and applications it's unfortunately a necessity to exclude some data