System Center 2012 Endpoint Protection - Excluded Processes, what exact behaviour of AV engine?
-
Thursday, January 17, 2013 10:56 AM
Hello.
Can anybody point me to appropriate documentation about exact behaviour of SC2012EP with excluded processes?
My questions is:
1. Excluded process will not be scan with real-time protection?
And another question:
2. Excluded process will not be scan with scheduled scan?
3. Files accessed by excluded process will not be scan with real-time protection?
4. Files created/modified by excluded process will not be scan with real-time protection?
We have scheduled job, it runs very frequently, we want to exclude it from real-time scan on every start, but scan it weekly with scheduled scans. How can we achieve it?
All Replies
-
Thursday, January 17, 2013 11:16 PM
Hey
Thanks for the post ,
1. If You Excluded the process from the Real-time protection .
2. If You Excluded the process from the Schedule scan .
3. Same answer if the files excluded from scan real time/Schedule - they will not scanned .
4. If You Excluded the create/modfy files's folder from scan . (the folder path) - they will not scanned .
For Your another question:
Scheduled Scan it's the same as weekly ,just create another one and disable the old one .
I'd be glad to answer any question
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Editor Monday, January 21, 2013 4:23 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Editor Friday, January 25, 2013 2:11 AM
-
Friday, January 18, 2013 10:12 AM
Hello Shuki Noy.
Thanks for your reply.
My questions was: If I add some process to "Excluded processes" (see picture)
1. Will it be scaned with real-time protection on process start?
2. Will it be scaned with scheduled scan?
3. Will files accessed by this excluded process be scaned with real-time protection?
4. Will files created/modified by this excluded process be scaned with real-time protection?- Edited by Vld_Sh Friday, January 18, 2013 10:12 AM
-
Friday, January 18, 2013 11:10 AM
Hey
1-2 . Exclusion Settings- > "Excluded processes" rely on any Type of Scan ,
So for Your Question : no scan will start of any kind of type if it SET to excluded .
For files and folders:
3-4 . You need to Set "Excluded files and folders" for No Scan .
If You Create or Modify new File or folder under existing Excluded Set .
I'd be glad to answer any question
- Edited by Shuki Noy Friday, January 18, 2013 11:49 AM
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Editor Monday, January 21, 2013 4:23 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Editor Friday, January 25, 2013 2:11 AM
-
Monday, April 08, 2013 10:47 AM
how do i exclude a folder in multiple drives irrespective of drive letter
?:\Program Files\Exchsrvr
or
*:\Program Files\Exchsrvr
-
Tuesday, May 07, 2013 11:35 PM
Hi Aksridhar,
To exclude the exchange install path, you can just use %exchangeinstallpath%
.png)
