Jump to content
Sign in to follow this  
newkansan

File Exclusions Being Ignored

Recommended Posts

I wanted to report this. On a previous scan, there were numerous false positives, which when I set to allow, were automatically placed in the file exclusions list. Today I ran another scan and these same files were again quarantined. I allowed them all again, and now these files are listed twice in the file exclusions list.

 

If it makes any difference, the first time these files were flagged, it was on a full scan. The second time, it was on a custom scan, which happened to scan the same areas these files reside.

 

On a related note, I set our Exchange Server folder in the exclusions list (c:\program files\exchsrvr) so that no files would be scanned in this folder. However, one of the false positives on my most recent scan was a log file inside this folder (c:\program files\exchsrvr\MDBDATA\e000044f.log). This indicates that the exclusions are not being adhered to.

 

I am running the full version in trial mode of ImmunetPlus3.0 with ClamAV on Windows Server 2003 Standard SP2. I have 10 days left on the trial.

 

Do you need anything from me to help resolve this? Log files, screenshots etc?

Share this post


Link to post
Share on other sites
Guest Orlando

Yes, I know, I think this bug is already reported, but if there are false positives we can fix it.

 

Orlando

Share this post


Link to post
Share on other sites

The link to http://www.immunet.com/contact/index.html to report false positives does not have a submit form that I could find for false positives. FYI. I'll have to email the files unless there is a better way?

 

edit: I just realized the "Register for our Newsletter" is a dropdown menu with other options, including submit a false positive. My apologies, I didn't realize that til after I posted.

 

Most of the false positives are .zip files and no indication which file in the .zip is triggering the false positive. These are customer files that we may not have the freedom to submit. Suggestions?

 

There are three files that are not .zip that I can submit.

Share this post


Link to post
Share on other sites
Guest Orlando

Please, read this guide. You can also send to zip these three files with a program (default by Windows: click with right, send to, zip file).

 

Orlando

Share this post


Link to post
Share on other sites

I submitted what I could. The rest are sensitive customer files that we cannot submit.

 

I can describe to you, though, the general problem with these false positives. They are all .zip files with various .txt, .lib, .pdf, .bmp, etc files inside. Here is the strange part. When Immunet scans the .zip archives, it detects malware. When I manually unzip these files and have Immunet scan the unzipped versions, it detects no malware.

 

Thanks for your help.

Share this post


Link to post
Share on other sites

My procedure is to isolate the .zip file that has been detected with malware, restore it from quarantine, delete the exceptions that were created, unzip the file to a folder called "test", then rescan the test folder which now contains the unzipped contents. If there are hidden files, the fact that I am scanning the parent folder should still allow the scanner to see them?

Share this post


Link to post
Share on other sites

I am having the same problem with file exclusions. I am not receiving any false positives rather periodically Agent.exe will lock an mdb file that is needed by an application, causing the app to fail. Excluding a parent folder above the file did not exclude the mdb which was in a sub folder, unfortunately the mdb path is dynamic and I cannot exclude the exact folder it sits in directly.

 

Sorry for the redundancy.

Share this post


Link to post
Share on other sites
Guest Orlando

As Millard said here. It's possible the detection is still cached. So send and email to millard at immnet.com and he will guide you to fix problem.

 

Orlando

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...