locked
Folder and File Exclusions RRS feed

  • Question

  • Hi,
    Does anyone know which folders and files to exclude when applying the FCS policy to a machine running clearswift mimesweeper for smtp? Our current normal virus checker exludes the top root mimsweeper folder and all folders and files below that (but it uses a quick explorer type checkbox facility to select all).
    I could do the same now, but you have to manually add the folders to exclude in fcs and there are hundreds of them, which will take forever. Otherwise, if I have to exclude all these folders, is there a quick way to do it, (perhaps a script like the one I used for exchange 2007)?

    Thanks
    Monday, April 27, 2009 4:34 PM

Answers

  • No script that I know of... If you want to know which files/folders your application is accessing on a normal basis you could use process monitor from sysinternals and filter on that process to see which folders it is constantly scanning to give you an idea of which folders you should exclude.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Thursday, April 30, 2009 5:46 PM

All replies

  • No script that I know of... If you want to know which files/folders your application is accessing on a normal basis you could use process monitor from sysinternals and filter on that process to see which folders it is constantly scanning to give you an idea of which folders you should exclude.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Thursday, April 30, 2009 5:46 PM
  • Kurt, does the option to select a folder not also select all folders below it? If the normal virus checker excludes the top root mimesweeper program, why not do the same with FCS?


    Josue Fontanez | jf@oneconstant.com President | OneConstant Blog: www.oneconstant.spaces.live.com Twitter: www.twitter.com/josuefontanez Web: www.oneconstant.com
    Thursday, April 30, 2009 9:33 PM
  • I don't know whether it is by design or a bug, but you have to specify every folder where you have files that you want to exclude
    Thursday, April 30, 2009 9:37 PM
  • Thanks I never knew that. This would be a good addition to FCS v2.
    Josue Fontanez | jf@oneconstant.com President | OneConstant Blog: www.oneconstant.spaces.live.com Twitter: www.twitter.com/josuefontanez Web: www.oneconstant.com
    Thursday, April 30, 2009 9:49 PM
  • Yes it does.. the other poster has that wrong if you add c:\temp\ it will also exclude c:\temp\temp\temp\temp as well.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Friday, May 1, 2009 6:23 PM
  • That's what I figured. I couldn't imagine a scenario where FCS would not also automatically exclude all of the other directories below it. Thanks for clarifying Kurt.
    Josue Fontanez | jf@oneconstant.com President | OneConstant Blog: www.oneconstant.spaces.live.com Twitter: www.twitter.com/josuefontanez Web: www.oneconstant.com
    Friday, May 1, 2009 6:53 PM
  • Well why not try it then, I have and it still accesses files and folder below the one that has been excluded. I have also found others in this forum and on blogs that have also experience the same problem. However, since Kurt has explicitly stated that I can just exclude the top folder and it will exclude all folders and files below it then I will now submit this to management and install FCS on the mimesweeper box. At least I wont be charged for any microsoft support time if I need to raise a problem :-)
    Tuesday, May 12, 2009 8:20 PM