1 Reply Latest reply on Jul 22, 2015 5:52 PM by wwarren

    Can not make VSE Anti-Spy MaxProtect:execute temp folder exclusion for Kingston Datatraveler launcher


      Maybe I'm missing something in the syntax for my exclusion.


      Threat Name: Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder

      Threat Source Process Name: G:\DTLPLUS_LAUNCHER.EXE

      Threat Target File Path: C:\Users\testuser\AppData\Local\Temp\DTLocker+-G\DTLplus_Launcher.exe


      In the policy I have trimmed it for troubleshooting.

      Processes to include: *

      Processes to exclude: *.exe


      I have tried the filename, upper/lower/mixed case, filename with path, and combinations of wildcards, but I get the feeling it may be related to the plus and minus sign in the path.


      Turning off blocking for this policy allows it to work, but I would prefer to have it as an exclusion.


      I am running ePO 5.0.1 (228), Agent, VSE


      Although I have Gold Support (or whatever Intel calls it now)  I was told they would not escalate due to my ePO version.


      Any help or second set of eyes would be appreciated, especially if I'm overlooking something obvious.  I have looked through the online documentation and community but could not find anything specific for this.


      Thank you kindly.