New exclusions?

[JoeSho00 0]

Hello -

Can someone tell me why it is that when I do a fresh install of immunet it has certain exclusions, then I will restart Windows and more exclusions will be added like: c:\windows\WinSxS , C:\Windows\Servicing etc...they are at the bottom of the list.... these appear to look different than the others. Notice the capitalization of "C" in the added exclusions after restart. Could it be a malicious attempt? 

Also please note - I cannot remove the exclusions! I get an error stating 'file exclusion cannot be removed'

 

Thanks,

Joe

[ritchie58 389]

Hi Joe & welcome to the Immunet forum!

I just checked my Exclusion list and it looks exactly the same as your screenshot (great idea to include the screenshot btw) so I very highly doubt there's anything malicious going on. Why those new exclusions have a lower case letter for the drive path is a bit of a mystery to me too!

The most logical reason for the devs to add these new exclusions is to correct issues associated with these Windows OS file paths. 

Even though most of the default exclusions can't be manually deleted rest assured that "does not" leave your system more vulnerable to infection if you're concerned about that.

Best wishes, Ritchie...

[JoeSho00 0]

Should these areas be excluded? What if an attacker learns where these exclusions are?

[ritchie58 389]

If you look at the list most of the exclusions have to do with Windows Update.

If Immunet was scanning these files while Windows was updating if could take much longer to download & install the updates. These exclusions are also there to keep Immunet from using up excessive system resources. Once any new code is installed these files will be scanned when you run your next full scan.

Keep in mind that Immunet also has heuristic capabilities that can recognize suspicious activity. 

Except for Defender all the third-party AV exclusions can be manually deleted.