Kaseya Community

global ignore list?

This question is answered

We have several items setup as part of our GPO that show up on malwarebytes as "false positives" as they are non critical (disable firewall notify, etc).

 

is there a way to setup a global ignore list like other enterprise level AV software?

 

Verified Answer
  • At this point, MalwareBytes doesn't have the API in place for Kaseya to remotely handle the exclusions list.  That said, this is one of the priority pieces that is in the works for KAM 1.1, with a release currently slated for late Q1 / early Q2 (march / april) timeframe.

    Regards,

    Travis

    Kaseya Support

  • All of the exclusions are stored by default in

    %user profiles%\all users\application data\malwarebytes\Malwarebytes' Anti-Malware\ignore.dat

    You can update the exclusions you need on an endpoint running KAM, then copy that endpoint's ignore.dat to the other endpoints that need the same exclusion list.  

    If you want to have the updated exclusion list automatically set on any new installs, you can replace the ignore.dat in

    .\Kaseya\WebPages\ManagedFiles\VSAHiddenFiles\kam\installer

    with the updated ignore.dat, and this will be the default exclusion list for all new installs going forward. 

    Travis
    Kaseya Support 

All Replies
  • Just really started utilizing the KAM module extensively in our MSP business, and in looking for this functionality came across this thread.  I attempted both the script supplied here, and a version of my own to try to replace the ignore.dat file on systems where we've already pushed Malwarebytes out, however what I'm seeing on at least some of the systems is that the script is unable to overwrite the ignore.dat file because it is in use by the malwarebytes service.  

    Given that I rewrote the script a bit to attempt to stop the service first before writing the file, but I found that on *most* of the machines that we have deployed it on where they are running windows XP, (yes I know...) the Kaseya script fails to stop the service, and thus it still cannot overwrite the file...

    Has anyone found a way around this at this point.   I'm just about to the point of having to uninstall and re-install Malwarebytes on *everything* we've deployed it to, just to get it to take the updated ignore.dat file....