04-14-2009 12:00 PM - edited 03-09-2019 10:13 PM
The issue I'm having is the help desk is using goto assist. csa is showing a warning and blocking. normally there is a wizard tab after the rule that was triggered. that i usually run to allow a application to run. so now instead i went into the rule "rule 1012 Trojan detection) and go to the area with check box (accessing system functions from code executing in data or stack space) and then i highlight a application class to exclude and then i goto that application class file set and add the executable that give the error. In theory it should work am i missing something
Thanks for any help
Jim2k
04-14-2009 01:46 PM
That should unless something else is superceding it.
My CSA 4.x is a bit rusty but I recall creating application classes for each of the Trojan Detection categories and adding executables to those when I wanted them to be ignored.
Tom
04-15-2009 06:28 AM
so far i tried adding the executable to an application class and then execluding that class in the rule. i also tried creating a new App class and excluding that. any other ideas
04-17-2009 04:09 PM
The wizard will create an exception that is a separate trojan detection rule so you may want to look and see if there is more than one rule.
It may also stop presenting the wizard if there was already an exception created.
It's been a while since I used 4.x but I remember that particular rule being difficult to manage.
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: