Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
458
Views
0
Helpful
5
Replies

CSA signature based antivirus exceptions

legassembly
Level 1
Level 1

‎04-08-2009 12:33 PM - edited ‎03-09-2019 10:12 PM

I enabled the signature based antivirus policy in CSA 6.0.214 and am wondering how I can create an exception so that a specific folder is not included in scheduled and on-access scanning. Thanks.

Labels:
0 Helpful
5 Replies 5

tsteger1
Level 8
Level 8

‎04-08-2009 10:38 PM

Two options listed are:

Creating AntiVirus Exemptions Using the Event Management Wizard

and

Creating AntiVirus Exemptions Using the Global AntiVirus Exemptions Page

http://www.cisco.com/en/US/docs/security/csa/csa60/user_guide/AntiVirus.html#wp1042066

I think it's similar to creating file and folder exceptions for CSA rules.

Tom

0 Helpful

legassembly
Level 1
Level 1
In response to tsteger1

‎04-09-2009 07:05 AM

I wish that was the case. I'm in discussions with Cisco TAC about this too. The antivirus exemptions page appears to only allow very specific exemptions, such as don't detect this file as being this virus.

0 Helpful

tsteger1
Level 8
Level 8
In response to legassembly

‎04-09-2009 09:03 AM

I think you may need to exempt them from being classified as scannable files before they are scanned and tagged.

The rule module "Security - Clam AV - Classification Module (on OPEN) and (on Close)" may be the place to start.

If you can exempt the folder beforehand, it may never be scanned.

I don't have time to try this but give it a look and see what you come up with.

Tom

0 Helpful

legassembly
Level 1
Level 1
In response to tsteger1

‎04-14-2009 12:03 PM

As suggested, I created two file access control rules, one in the “Security - Clam AV - Classification Module (on CLOSE)” and the other in the “Security - Clam AV - Classification Module (on OPEN)” rule modules. Each rule is a Set action that sets “Virus scan on OPEN” or “Virus scan on CLOSE” as “NOT being required for this file”. The files specified are just the folders that we want to exclude from virus scanning.

This appears to be a good solution to this problem.

0 Helpful

tsteger1
Level 8
Level 8
In response to legassembly

‎04-14-2009 01:43 PM

Glad to hear it, thanks for posting back.

Tom

0 Helpful
Customers Also Viewed These Support Documents