bigvalboa Posted January 2, 2019 Report Share Posted January 2, 2019 Hello, I've got an application that is launched from a network share, is it possible to exclude a network share? It runs fine when the service is stopped, but as soon as it runs it kills my application. Link to comment Share on other sites More sharing options...
ritchie58 Posted January 3, 2019 Report Share Posted January 3, 2019 Is the application in question physically installed on the the same drive (or different drive letter but same computer) as Immunet or is the app only accessed remotely through your network? Also, what exactly is the app & what is your Operating System? That info might be helpful along with some documentation screenshots of Immunet's behavior/activity regarding this issue using your preferred screen grab software. If Immunet & the app share the same computer it should be possible to add an Exclusion rule for it by adding the "exact" file path. If it's only accessed through the network that may be problematic but perhaps not impossible to find a workaround. Like I mentioned, that extra info & screenshots (if you can provide that) just might make the difference to find an adequate solution for your issue! Regards, Ritchie... Link to comment Share on other sites More sharing options...
bigvalboa Posted January 3, 2019 Author Report Share Posted January 3, 2019 The application is Thomson Reuters Ultratax 18. https://tax.thomsonreuters.com/us/en/cs-professional-suite/ultratax-cs The PC is Windows 7 fully updated. The behavior is that the application crashes (APPCRASH) after beginning to navigate. The application is not actually installed on the PC, it is a network install application and each time the application is launched it is from the UNC path. I have ran debug logging, and parsed it via amp_scan_debug_log.sh and see several hits for different types of files here: \\?\C:\Users\username\AppData\Local\Temp\ Obviously I do not want to completely exclude the \Temp folder. Link to comment Share on other sites More sharing options...
Guest Wookiee Posted January 3, 2019 Report Share Posted January 3, 2019 If you just exclude the exe file or application path on the share, it should work without crashing while being able to access the other files. unless it is creating temp files, that it needs each time the application is launched - where knowing the exact file name could be difficult. Link to comment Share on other sites More sharing options...
bigvalboa Posted January 3, 2019 Author Report Share Posted January 3, 2019 I have tried putting in an exclusion for "utw18.exe" but it complains that the path given is not valid. Link to comment Share on other sites More sharing options...
bigvalboa Posted January 3, 2019 Author Report Share Posted January 3, 2019 To add further color, when i analyze the debug log i see this for the .exe: \Device\Mup\HOSTNAME\SHARE\UT18\utw18.exe Link to comment Share on other sites More sharing options...
bigvalboa Posted January 3, 2019 Author Report Share Posted January 3, 2019 More color, I found that white-listing C:\Users\USERNAME\AppData\Local\Temp solves my issues however very insecure. Is there a way to wildcard whitelist file names? such UTWD10E.tmp UTWC03.tmp. So all .tmp files beginning with UTW? Link to comment Share on other sites More sharing options...
Guest Wookiee Posted January 3, 2019 Report Share Posted January 3, 2019 2 hours ago, bigvalboa said: More color, I found that white-listing C:\Users\USERNAME\AppData\Local\Temp solves my issues however very insecure. Is there a way to wildcard whitelist file names? such UTWD10E.tmp UTWC03.tmp. So all .tmp files beginning with UTW? Not at the moment, I can put a feature request in to the developers to see if they can't have a whitelist with anything that starts with "UTW" or whatever you want (wildcard characters) , and such. Is there anyway in the software to have the local/TEMP files be created in another location? If so, point it to a generic folder that you create, and then whitelist that folder so it wouldn't matter the name changes Link to comment Share on other sites More sharing options...
bigvalboa Posted January 3, 2019 Author Report Share Posted January 3, 2019 Unfortunately the application uses the environment variable for temp %TEMP% Link to comment Share on other sites More sharing options...
Guest Wookiee Posted January 3, 2019 Report Share Posted January 3, 2019 9 minutes ago, bigvalboa said: Unfortunately the application uses the environment variable for temp %TEMP% i will put a feature request in then. Link to comment Share on other sites More sharing options...
Corey Posted January 29, 2019 Report Share Posted January 29, 2019 On 1/4/2019 at 7:51 AM, Wookiee said: i will put a feature request in then. Yes please. UNC path exclusions, and maybe tell Immunet to stop trying to scan files in "\Device\mup\" if possible. My sfc.exe.log gets choked with errors about that whenever I execute programs from a network share. Link to comment Share on other sites More sharing options...
bigvalboa Posted December 17, 2019 Author Report Share Posted December 17, 2019 Hi I wanted to check to see if there was any traction on getting UNC share exclusions? Link to comment Share on other sites More sharing options...
ritchie58 Posted December 17, 2019 Report Share Posted December 17, 2019 I don't believe Immunet has, as yet, added any new code with the 7.0.2 build to be able to create wildcard %TEMP% exclusions for UNC share folders unfortunately. Link to comment Share on other sites More sharing options...
bigvalboa Posted December 18, 2019 Author Report Share Posted December 18, 2019 Is it possible to add a UNC exclusion yet? Link to comment Share on other sites More sharing options...
ritchie58 Posted December 18, 2019 Report Share Posted December 18, 2019 Like I mentioned in the last thread to this topic, to my knowledge, variable wildcard temp exclusions are not supported at this time. You can create custom Exclusion rule(s) for most any software if you use the correct file path(s). Unless it's a file extension the Exclusion would have to start with a drive letter such as C:/. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now