How to exclude directory from Forefront for SharePoint?

Wed, 20 May 2009 15:25:33 Z

Hi, we are running Forefront 10.1 on our MOSS 2007 server. We have a directory with a javascript utility that encrypts\decrypts a page into an .html page (we have to do this as part of the licensing for this particular content). The content is entirely legit, no virus, but Forefront blocks it thus:

o3-301.htm " contains the following virus: " VIRUS= Trojan.JS.Agent.aaf (Kaspersky5); Tagged ID: 166CB8E0_1D31_42D2_9E69_630EF6007781 ".

If you want to open this file, you'll need to clean the file using your own virus scanning software. Do you want to save the file to your computer and attempt to clean it?"

So, I basically need to exclude the particular directory that hosts these files and am not able to see how I can do this in Forefront?

Thank you,

Chad

How to exclude directory from Forefront for SharePoint?

Tue, 13 Oct 2009 15:53:04 Z

Hi Chad,

I don't believe there s any way to exclude a particular directory from realtime scanning within Forefront for Sharepoint. If you know that this file is not a virus, then this would be a false positive detection, probably by just the Kaspersky engine, and as such I would recommend that you submit a sample of this file to Microsoft who will work together with Kaspersky to alter their definition files to allow through this particular file. More details on how to do this can be found at:-

http://support.microsoft.com/kb/952163

http://blogs.technet.com/fssnerds/archive/2009/02/09/how-to-determine-if-antigen-or-forefront-server-catch-specific-malware-without-paying-for-a-support-incident.aspx

https://www.microsoft.com/security/portal/Submission/Submit.aspx

If you have no luck with the links above, you can raise a support case with Microsoft. Support cases relating to malicous software should be non-chargeable.

I hope this helps
Alex