04-08-2009 12:33 PM - edited 03-09-2019 10:12 PM
I enabled the signature based antivirus policy in CSA 6.0.214 and am wondering how I can create an exception so that a specific folder is not included in scheduled and on-access scanning. Thanks.
04-08-2009 10:38 PM
Two options listed are:
Creating AntiVirus Exemptions Using the Event Management Wizard
and
Creating AntiVirus Exemptions Using the Global AntiVirus Exemptions Page
http://www.cisco.com/en/US/docs/security/csa/csa60/user_guide/AntiVirus.html#wp1042066
I think it's similar to creating file and folder exceptions for CSA rules.
Tom
04-09-2009 07:05 AM
I wish that was the case. I'm in discussions with Cisco TAC about this too. The antivirus exemptions page appears to only allow very specific exemptions, such as don't detect this file as being this virus.
04-09-2009 09:03 AM
I think you may need to exempt them from being classified as scannable files before they are scanned and tagged.
The rule module "Security - Clam AV - Classification Module (on OPEN) and (on Close)" may be the place to start.
If you can exempt the folder beforehand, it may never be scanned.
I don't have time to try this but give it a look and see what you come up with.
Tom
04-14-2009 12:03 PM
As suggested, I created two file access control rules, one in the "Security - Clam AV - Classification Module (on CLOSE)" and the other in the "Security - Clam AV - Classification Module (on OPEN)" rule modules. Each rule is a Set action that sets "Virus scan on OPEN" or "Virus scan on CLOSE" as "NOT being required for this file". The files specified are just the folders that we want to exclude from virus scanning.
This appears to be a good solution to this problem.
04-14-2009 01:43 PM
Glad to hear it, thanks for posting back.
Tom