Is there any way to exclude .dll files from the "threat target path" of the rule "Prevent common programs from running files from the Temp folder"?
I'm getting around 100 alerts from known ok processes that we require to run out of the temp directory, and we only have about 30 users.
I know I can exlude iexplore.exe from the rule, but then I feel we would be left wide open, as that's where a lot of things originate.
Most alerts are from counters.dat, it would be awsome to be able to create an exception so that target file wouldn't trigger an event.
Thanks for any help .on 26/03/14 2:41:55 EDT PM
As this is more a point-product configuration question, moving to vse group for better attention.on 26/03/14 2:42:13 EDT PM
Sorry, this is not possible with the current Access Protection implementation.
It is a commonly requested PER. Adding your voice to the list would not be a bad thing.
pmclachlan, are you using VSE 8.8 with Patch 4 and MA 4.8 Patch 2? I'm seeing new alerts about counter.dat after I upgraded one test system under IE 10 and Windows 7 x64, and I have always seen alerts when using the Microsoft print to XPS option. I'll also submit a PER (or vote for your issue if it's public) and I opened a new question about alerts on counter.dat