Jump to content

Network Share exclusion

bigvalboa

By bigvalboa,
in Immunet General Forum

 Share

Recommended Posts

ritchie58 Community Regular

ritchie58

Posted
Posted

Is the application in question physically installed on the the same drive (or different drive letter but same computer) as Immunet or is the app only accessed remotely through your network?

Also, what exactly is the app & what is your Operating System? That info might be helpful along with some documentation screenshots of Immunet's behavior/activity regarding this issue using your preferred screen grab software.

If Immunet & the app share the same computer it should be possible to add an Exclusion rule for it by adding the "exact" file path. If it's only accessed through the network that may be problematic but perhaps not impossible to find a workaround.

Like I mentioned, that extra info & screenshots (if you can provide that) just might make the difference to find an adequate solution for your issue!

Regards, Ritchie...

Link to comment
Share on other sites
bigvalboa Newbie

bigvalboa

Posted
  • Author
Posted

The application is Thomson Reuters Ultratax 18. https://tax.thomsonreuters.com/us/en/cs-professional-suite/ultratax-cs 

The PC is Windows 7 fully updated.

The behavior is that the application crashes (APPCRASH) after beginning to navigate. The application is not actually installed on the PC, it is a network install application and each time the application is launched it is from the UNC path.

I have ran debug logging, and parsed it via amp_scan_debug_log.sh and see several hits for different types of files here:

\\?\C:\Users\username\AppData\Local\Temp\

Obviously I do not want to completely exclude the \Temp folder.

 

Link to comment
Share on other sites
Guest Wookiee

Guest Wookiee

Posted
Posted

If you just exclude the exe file or application path on the share, it should work without crashing while being able to access the other files.
unless it is creating temp files, that it needs each time the application is launched - where knowing the exact file name could be difficult.

Link to comment
Share on other sites
Guest Wookiee

Guest Wookiee

Posted
Posted
2 hours ago, bigvalboa said:

More color, I found that white-listing C:\Users\USERNAME\AppData\Local\Temp solves my issues however very insecure.

 

Is there a way to wildcard whitelist file names? such UTWD10E.tmp UTWC03.tmp. So all .tmp files beginning with UTW?

Not at the moment, I can put a feature request in to the developers to see if they can't have a whitelist with anything that starts with "UTW" or whatever you want (wildcard characters) , and such.

Is there anyway in the software to have the local/TEMP files be created in another location? If so, point it to a generic folder that you create, and then whitelist that folder so it wouldn't matter the name changes

Link to comment
Share on other sites
Guest Wookiee

Guest Wookiee

Posted
Posted
9 minutes ago, bigvalboa said:

Unfortunately the application uses the environment variable for temp %TEMP%

i will put a feature request in then.

Link to comment
Share on other sites
  • 4 weeks later...
Corey Newbie

Corey

Posted
Posted
On 1/4/2019 at 7:51 AM, Wookiee said:

i will put a feature request in then.

Yes please.  UNC path exclusions, and maybe tell Immunet to stop trying to scan files in "\Device\mup\" if possible.  My sfc.exe.log gets choked with errors about that whenever I execute programs from a network share.

Link to comment
Share on other sites
  • 10 months later...
ritchie58 Community Regular

ritchie58

Posted
Posted

Like I mentioned in the last thread to this topic, to my knowledge, variable wildcard temp exclusions are not supported at this time. You can create custom Exclusion rule(s) for most any software if you use the correct file path(s). Unless it's a file extension the Exclusion would have to start with a drive letter such as C:/.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...