Maybe I'm missing something in the syntax for my exclusion.
Threat Name: Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder
Threat Source Process Name: G:\DTLPLUS_LAUNCHER.EXE
Threat Target File Path: C:\Users\testuser\AppData\Local\Temp\DTLocker+-G\DTLplus_Launcher.exe
In the policy I have trimmed it for troubleshooting.
Processes to include: *
Processes to exclude: *.exe
I have tried the filename, upper/lower/mixed case, filename with path, and combinations of wildcards, but I get the feeling it may be related to the plus and minus signs in the path.
Turning off blocking for this policy allows it to work, but I would prefer to have it as an exclusion.
I am running ePO 5.0.1 (228), Agent 22.214.171.1248, VSE 126.96.36.1995
Although I have Gold Support (or whatever Intel calls it now) I was told they would not escalate due to my ePO version.
Any help or second set of eyes would be appreciated, especially if I'm overlooking something obvious. I have looked through the online documentation and community but could not find anything specific for this.
Thank you kindly.
You'll want to have a gander at the VSE 8.8 Patch 5 known issues KB article.
VSE 188.8.131.525 == VSE 8.8 Patch 5
The known issues article describes the problem, but a specific article also exists: KB84900.