I mentioned this briefly in another thread, but I thought I would create a specific thread.
We really need a way in KES for File Exclusion, in addition to Directory/Folder Exclusions. The AVG GUI has both options - Directory Exclusions and File Exclusions. But the KES interface only seems to work for the Directory Exclusions.
We are having a HUGE issue right now, across multiple clients, with AVG quarantining files related to the Spector computer monitoring software. There are specific files in the \windows\system32 folder that we need to exclude from AVG scanning. But the KES integration does not have a feature for File Exclusions, it only supports Directory/Folder Exclusions.
We are working with K Support (ticket CS082940), but we are getting nowhere.
We tried manually adding the File Exclusion in the AVG GUI. That works for a short while, but then gets reset when the local AVG software next communicates with KES.
We really need a way in KES for File Exclusion, in addition to Directory/Folder Exclusions. Seems like AVG itself supports it. We really need KES to support it too.
Hummm... Sounds to me that even if you manually enter the file exclusion, KES is doing something to overwrite the file that holds the exclusion list. So my first thought is to modify the file that does the overwriting and then you'd get the change deployed across the board! Can anyone from K chime in on this idea, or anyone else who may have thought of a better way to skin this cat?
I would also like to add my voice to those requesting this change. I have tested several possible temporary workarounds to allow the addition of file exclusions, but it always gets overwritten when the machine checks in.
It's frustrating that I could install the same piece of software, not linked to Kaseya and accomplish the goal with a few clicks.
Can anything be done?
I agree. KES should have a way of specifying file exclusions.
In my case, AVG released a VirSig that created a large number of false positives.
Some of these were related to needed client applications, which now no longer run unless realtime protection is disabled. Turning off protection is not a viable workaround.
I need a way of bypassing this, as this is a time-sensitive problem, and AVG's response is usually not immediate.
Performing file exclusion on the client side is not an option, as my clients cannot be distracted from their normal daily activities while I remotely make edits during the working hours.
The fact that the AVG profile eventually overlays all client-sided edits highlights the ineffectiveness of this workaround.
AVG's response is:
"We noticed a couple of false positive alarms reported on forums in the past week. Anti-virus may detect a legitimate application sometimes when a part of its code is similar to a code in newly created malware. This situation happens from time to time with every anti-virus software. Even though AVG implements advanced anti-false mechanisms to minimize risk of false alarms, the situation may occur anyway."
So, even they admit to the problem, and the KES interface does not provide a means of handling this.
I would suggest implementing a manual entry table of exception programs (which can recognize EnvVars and wildcard characters). Just a list of filenames. No checksum, or any other fields.