We have a certain application that needs a subfolder under the %TEMP% folder to be excluded from real-time scanning, but I'm having problems specifying this particular folder in a way that KAV respects. Since this exclusion needs to be applied to dozens of machines, it has so be done by using profiles. It was tested by creating a blank text file, pasting the EICAR test string into it, saving the file, and then see if I could open it afterwards, or if KAV had removed it.
I first enter either "%TEMP%\NetRight" or "%TEMP%\NetRight\*.*" in the profile editor, but neither of them work. When the EICAR test file is created, KAV kicks in and removes the file.
Manually adding the exclusion rules "%TEMP%\NetRight" or "%TEMP%\NetRight\*.*" to the Trusted Zone locally in the KAV application, the paths immediately resolve to "C:\Users\MyUserName\AppData\Local\Temp\NetRight". When the EICAR test file is created here, KAV does not kick in, and the file can be opened. As wanted.
How to solve this for upwards of 100 users? I'd rather not be forced to manually create this exclusion in the KAV settings on each and every machine.
Kaseya Cloud, KAV 1.4.
Kind regards,Ole Andreas Ringdal
IIRC KAV does not support environment variables but this has been wish listed.
I think the problem is that when you enter something like %TEMP%\NetRight\ in the local Kaspersky UI it will not store the exclusion as %TEMP%\NetRight but as C:\Users\MyUserName\AppData\Local\Temp\NetRight.
Hopefully there is some API call that can be added so the temp folder for all users can be excluded.
If you can please open a ticket with Kaseya regarding this and have them add environmental variables to as a feature request. The more requests for this the better :)
Don't know if it helps but have you tried adding the application in question as a trusted app?
Also if the app uses some special file extensions that it creates in the temp folder you could add those as exclusions.
Hello, and thanks for your reply.
I tried various configuraions and then determined KAV/Kaseya either do not support environment variables in this way, or it will resolve the string "%TEMP%\NetRight" to its absolute path. I therefore had to think of another way, and that was simply to redirect both %TEMP% and %TMP% variables to "C:\Temp" (through the use of the SETX command in the logon script), and then configuring KAV to exlude the resulting absolute path ("C:\Temp\NetRight"). A workaround that works perfectly.
Environment variables could still profitably be placed in the feature request list. :-)
Ole Andreas Ringdal
Thanks for sharing Ole!