JoeSho00 0 Report post Posted August 25, 2019 Hello - Can someone tell me why it is that when I do a fresh install of immunet it has certain exclusions, then I will restart Windows and more exclusions will be added like: c:\windows\WinSxS , C:\Windows\Servicing etc...they are at the bottom of the list.... these appear to look different than the others. Notice the capitalization of "C" in the added exclusions after restart. Could it be a malicious attempt? Also please note - I cannot remove the exclusions! I get an error stating 'file exclusion cannot be removed' Thanks, Joe Quote Share this post Link to post Share on other sites
ritchie58 450 Report post Posted August 25, 2019 Hi Joe & welcome to the Immunet forum! I just checked my Exclusion list and it looks exactly the same as your screenshot (great idea to include the screenshot btw) so I very highly doubt there's anything malicious going on. Why those new exclusions have a lower case letter for the drive path is a bit of a mystery to me too! The most logical reason for the devs to add these new exclusions is to correct issues associated with these Windows OS file paths. Even though most of the default exclusions can't be manually deleted rest assured that "does not" leave your system more vulnerable to infection if you're concerned about that. Best wishes, Ritchie... Quote Share this post Link to post Share on other sites
JoeSho00 0 Report post Posted August 25, 2019 Should these areas be excluded? What if an attacker learns where these exclusions are? Quote Share this post Link to post Share on other sites
ritchie58 450 Report post Posted August 25, 2019 If you look at the list most of the exclusions have to do with Windows Update. If Immunet was scanning these files while Windows was updating if could take much longer to download & install the updates. These exclusions are also there to keep Immunet from using up excessive system resources. Once any new code is installed these files will be scanned when you run your next full scan. Keep in mind that Immunet also has heuristic capabilities that can recognize suspicious activity. Except for Defender all the third-party AV exclusions can be manually deleted. 1 Quote Share this post Link to post Share on other sites
Amydala 1 Report post Posted October 29, 2019 Hi. Bringing this back to life as the Win.Trojan I've been fighting likes to hide in the WinSxS files. So I really need to have this scanning capability. Anyway to turn it on? I cannot seem to delete the exclusion. I *do* realize there are thousands of files here but when you are fighting this kind of malware, it's worth the loss of memory and disk resources. Quote Share this post Link to post Share on other sites
ritchie58 450 Report post Posted November 10, 2019 As far as I know there is no other way to delete these protected exclusions unfortunately. Quote Share this post Link to post Share on other sites