JoeSho00 Posted August 25, 2019 Report Share Posted August 25, 2019 Hello - Can someone tell me why it is that when I do a fresh install of immunet it has certain exclusions, then I will restart Windows and more exclusions will be added like: c:\windows\WinSxS , C:\Windows\Servicing etc...they are at the bottom of the list.... these appear to look different than the others. Notice the capitalization of "C" in the added exclusions after restart. Could it be a malicious attempt? Also please note - I cannot remove the exclusions! I get an error stating 'file exclusion cannot be removed' Thanks, Joe Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted August 25, 2019 Report Share Posted August 25, 2019 Hi Joe & welcome to the Immunet forum! I just checked my Exclusion list and it looks exactly the same as your screenshot (great idea to include the screenshot btw) so I very highly doubt there's anything malicious going on. Why those new exclusions have a lower case letter for the drive path is a bit of a mystery to me too! The most logical reason for the devs to add these new exclusions is to correct issues associated with these Windows OS file paths. Even though most of the default exclusions can't be manually deleted rest assured that "does not" leave your system more vulnerable to infection if you're concerned about that. Best wishes, Ritchie... Quote Link to comment Share on other sites More sharing options...
JoeSho00 Posted August 25, 2019 Author Report Share Posted August 25, 2019 Should these areas be excluded? What if an attacker learns where these exclusions are? Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted August 25, 2019 Report Share Posted August 25, 2019 If you look at the list most of the exclusions have to do with Windows Update. If Immunet was scanning these files while Windows was updating if could take much longer to download & install the updates. These exclusions are also there to keep Immunet from using up excessive system resources. Once any new code is installed these files will be scanned when you run your next full scan. Keep in mind that Immunet also has heuristic capabilities that can recognize suspicious activity. Except for Defender all the third-party AV exclusions can be manually deleted. 1 Quote Link to comment Share on other sites More sharing options...
Amydala Posted October 29, 2019 Report Share Posted October 29, 2019 Hi. Bringing this back to life as the Win.Trojan I've been fighting likes to hide in the WinSxS files. So I really need to have this scanning capability. Anyway to turn it on? I cannot seem to delete the exclusion. I *do* realize there are thousands of files here but when you are fighting this kind of malware, it's worth the loss of memory and disk resources. Quote Link to comment Share on other sites More sharing options...
ritchie58 Posted November 10, 2019 Report Share Posted November 10, 2019 As far as I know there is no other way to delete these protected exclusions unfortunately. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.