locked
Forefront Client Security Exclusions RRS feed

  • General discussion

  • Hello-

    I excluded an application via the Forefront Policy and deployed, but I'm still having some events (Event ID: 3004) being generated on the clients.
    I verified the exclusions on the client in the registry, but the client(s) are still showing this in the Event Log (every 30 minutes):

          Scan ID: {3AF6CC00-FCC2-42A8-98B8-64DCFE24373C}

          Agent: Services and Drivers

          User:      
          Name: Unknown

          ID:

          Severity: Not Yet Classified

          Category: Not Yet Classified

          Path Found: driver:app1234      
         
    Alert Type: Unclassified software

          Process Name:

          Detection Type:

          Status:

    How can I properly exclude this via FCS Policy?

    Thanks!

    Andrew



    Tuesday, March 29, 2011 2:44 PM

All replies

  • Hi,

    Thanks for the post.

    It sounds like you have not set the appropriate full path to a file or folder you want to exclude. In addition, please understand that client computers receiving a policy with scan exclusions do not enforce the exclusions until the agent restarts.

    As for how to exclude this via FCS Policy, you could check the following link:

    http://technet.microsoft.com/en-us/library/bb418942.aspx

    Hope this helps.

    Miles

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, March 30, 2011 2:50 AM
  • The path is correct.  It's a pretty simple path.  Ie C:\Folder\File.exe

    The agent was restarted numerous times, and the exclusions are verified in the registry.

     

    Wednesday, March 30, 2011 12:24 PM