Endpoint Protection

 View Only

  • 1.  Force Manual Scans to use Auti-Protect Exceptions

    Posted Aug 12, 2009 12:31 PM
    Hi All,

    The other day I posted a question asking how to exclude individual files from the Client Auto-Protect Options in the Symantec System Center console, and I received some help and was able to get that figured out, but now a new question arises: How can I force a manual scan on a client, but have the scan load the list of extension and  file & folder exceptions?

    Basically, last week Symantec published some new definitions that started flagging one of the files that our old remote control/support app loaded in the System32 directory.  I was able to set the exceptions for that individual file through SSC, but now if I need to force a scan on a user's system the file gets flagged because neither the Full Scan nor the Custom Scan (the two options I normally use) load the Auto-Protect exceptions.  And to complicate things, I can only specify folders to exclude in a manual scan, not individual files.

    Does anyone know if I can change  these scan options so that they will load the Exceptions list when I need to force a manual scan on a client?   I'm not concerned about Scheduled Scans at this time...

    Thanks in advance!  :-) 


  • 2.  RE: Force Manual Scans to use Auti-Protect Exceptions

    Posted Aug 12, 2009 12:53 PM
    Why not make  a "False Positive" submission of the file that is getting flagged?

    https://submit.symantec.com/false_positive/index.html


  • 3.  RE: Force Manual Scans to use Auti-Protect Exceptions

    Posted Aug 12, 2009 01:16 PM
    That would be because I didn't know there was a link to do so; thank you!  I just went ahead and submitted a ticket.

    Things is though that after doing some research, it appears that most other AV apps flag the file too, and apparently it does have keylogging  capabilities or something.  That might explain why the company that made the program (Omniquad Instant Remote Control) doesn't make newer versions...  :-/  So truth-be-told, I'm not sure that it is a real  false-positive, in comparison to a potentially harmful file that is used by a legit application.

    The name of the file is "hodll.dll".  The directory it is installed to for the "server" (my users' PCs) is just System32, but for the viewer piece (for us "technicians") it is installed to C:\Program Files\Omniquad Instant Remote Control.

    Thanks for the link!


  • 4.  RE: Force Manual Scans to use Auti-Protect Exceptions

    Posted Aug 13, 2009 12:57 PM
    Bump.

    Just because I'm not sure if this will be added as a "False-Positive" or not, I'd like to know if anyone has any insight here.  Plus it will be helpful for future reference if I would like to omit other specific files from a forced scan.