Potentially unwanted programs continue to be detected when excluded by name only
Technical Articles ID: KB50383
Last Modified: 7/21/2020
Environment
Problem
Potentially unwanted programs that have been excluded in the Unwanted Programs Policy continue to be detected. They are detected even though the correct file name has been used to exclude the flagged unwanted program.
Problem
Current DAT files contain a driver that detects what the product development team has deemed an unwanted program.
Problem
You are unable to exclude a Remote Administration Program via the Unwanted Programs Policy.
Cause
Adding exclusions for unwanted programs by file name or by directory does not work. Although the VSE 8.x Product Guide tells you to specify the exact name of the file or program to exclude from detection, you must also exclude the name of the process for exclusion to work correctly.
When you install some utilities used for legitimate reasons, such as remote administration tools, VSE might detect the utilities as potentially unwanted programs (PUPs) due to the way they might have been used with malware. After a utility is installed and a detection occurs, the detection is written to one of two logs, depending on how the detection happened. Separate logs are created for the on-access scanner and the on-demand scanner:
Default log location:
Example of a log entry for a potentially unwanted program detection of TightVNC:
Analysis of the Log information
Solution
To add the correct exclusion for the Unwanted Program, look in the On-Access or On-Demand log file for the detection name recorded at the time that the detection triggered. Example: A detection for TightVNC:
Solution
Exclude a single detection
Solution
Exclude a Category (PUP Group)
It is possible to make broader exclusions. For security purposes, the product development team recommends that you keep exclusions to a minimum.
WARNING: Allowing entire categories of programs is potentially dangerous and is entirely at your own risk.
To disable Unwanted Program detections by category:
Related Information
Related articles about exclusions: