1 Reply Latest reply on Jul 22, 2015 5:52 PM by wwarren

    Cannot make VSE Anti-Spy MaxProtect:execute temp folder exclusion for Kingston Datatraveler launcher

    technicalalchemy

      Maybe I'm missing something in the syntax for my exclusion.

       

      Threat Name: Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder

      Threat Source Process Name: G:\DTLPLUS_LAUNCHER.EXE

      Threat Target File Path: C:\Users\testuser\AppData\Local\Temp\DTLocker+-G\DTLplus_Launcher.exe

       

      In the policy I have trimmed it for troubleshooting.

      Processes to include: *

      Processes to exclude: *.exe

       

      I have tried the filename, upper/lower/mixed case, filename with path, and combinations of wildcards, but I get the feeling it may be related to the plus and minus sign in the path.

       

      Turning off blocking for this policy allows it to work, but I would prefer to have it as an exclusion.

       

      I am running ePO 5.0.1 (228), Agent 4.8.0.1938, VSE 8.8.0.1385

       

      Although I have Gold Support (or whatever Intel calls it now), I was told they would not escalate due to my ePO version.

       

      Any help or a second set of eyes would be appreciated, especially if I'm overlooking something obvious. I have looked through the online documentation and community but could not find anything specific for this.

       

      Thank you kindly.