SCEP Exclusion not working for specific files

  • General discussion

  • Hi Team,

    We have a folder D:\ABB

    In this folder, we have a lot of subfolders and files (*.exe, *.dll, etc.). We need to exclude this, as none of the files should be scanned. So, I have made the folder exception as D:\ABB

    Later on I could see a few of the .exe files getting scanned and disappearing. It is freakish, but I still need to know the root cause of that behaviour or possible mitigations to overcome this.

    I did try to exclude the .exe file as well, but it is still the same.

    I have tested with another scenario to check whether the exception is working fine. Yes, it is working.

    Kindly suggest

    • Changed type Nirmal711 Tuesday, September 17, 2019 8:11 AM having issues due to this.
    Monday, September 16, 2019 10:29 AM

All replies

  • Hi,

    I ran a test in my lab: I put an anti-malware test file in the folder D:\ABB, and SCEP detected it. After the folder D:\ABB was excluded, the test file was not scanned or detected. I also tried a custom scan of the folder D:\ABB, and it was still not detected; the result is as below. You can also try this to see the results.

    In addition, do you have any other anti-malware? We can check the SCEP detection history to see if the .exe file is detected by SCEP.

    Hope the above information helps.

    Best Regards,
    Tina


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 17, 2019 8:15 AM
  • Hi Tina, Good Day!

    Thanks for your reply.

    I did the same testing just to ensure the exception is working fine or not. Yes. It is working in my case as well.

    The problem here is quite different (not malware related). As per the requirement from the app team, we have made the exclusion for the folder, and later could see a few of the application .exe files getting scanned, which should not be done when that folder is in the exclusion list. This is not constant. The .exe file appears very rarely, and we need to monitor continuously 24x7 and are not sure when the .exe will appear.

    Is this how the behavior will be? Or is this something outside of SCEP?

    Regards, Nirmal711

    Tuesday, September 17, 2019 8:22 AM
  • Hi,

     >>later could see few of the application .exe files are getting scanned
    Could you please advise where you saw the files being scanned? Once the folder is excluded, it will not be scanned, as you tested. This may be something outside of SCEP.

    Since the issue may be related to your environment, it is recommended that you contact Microsoft Customer Support Services (CSS) for dedicated support.
    https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers

    Best Regards,
    Tina

    Tuesday, September 17, 2019 8:54 AM
  • Hi Tina,

    You can see it in Resource Monitor from Task Manager: select MsMpEng.exe in the Disk tab and you can see the disk activity.

    Here you will find the application .exe being scanned, along with other folders.

    Regards.

    Nirmal711

    Tuesday, September 17, 2019 9:11 AM