0 Replies Latest reply on Jul 27, 2016 1:02 PM by gunnars

    Exclusions for blocks of "Prevent all programs from running files from the Temp folder" in "Anti-spyware Maximum Protection"

    gunnars

      before I submit this to "gold support", perhaps one of you has some ideas?

      root cause of this problem is probably the fact that the path to the production app contains the word TEMP and can not be changed

       

      I'm looking to enable blocking "Prevent all programs from running files from the Temp folder" in "Anti-spyware Maximum Protection" area of the "Access Protection Policy" (VSE8.8p7+EPO5.3.2)

      Reporting has been enabled for months and before blocking is enabled, I need to exclude a certain app from this block.

       

      App resides in a UNC path (server in the UNC is different, depending on geographic location), then drive F is mapped to that UNC, this way drive letter path is identical for all = F:\path\to\the\app\contains\word\temp\filename.exe

      Shortcut exists on all desktops for this app, when the user launches it, it gets launched as (C:\WINDOWS\EXPLORER.EXE F:\path\to\the\app\contains\word\temp\filename.exe)

       

      Processes to include: *

      Processes to exclude:  frminst.exe, mcscancheck.exe, mcscript_inuse.exe, msiexec.exe, mue_inuse.exe

       

      I really don't feel like excluding explorer.exe

      And excluding **\filename.exe does not help

       

      So. Ideas?

       

      Thank you!

       

      P.S. ENS10 is on the schedule, we'll get there. For bonus points - how would this be addressed in ENS?