Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
0
Helpful
7
Replies

CSA Config - Trojan Detection

mcvosi
Level 1
Level 1

‎12-10-2003 12:58 PM - edited ‎03-09-2019 05:50 AM

I have an application class (anti-virus in this case) configured as an exception to the trojan detection policy, however it's not working. No matter what application class I exclude, it seems to be ignored. Seems to be a bug.

Labels:
0 Helpful
7 Replies 7

benhur.p
Level 1
Level 1

‎12-21-2003 10:15 PM

Any update on this...would be helpful to all if you can post an update...tahnks

0 Helpful

tsteger1
Level 8
Level 8

‎03-04-2004 01:10 PM

Would this be McAfee Antivirus and frameworkservices.exe by any chance? If so we are having a similar problem.

0 Helpful

mcvosi
Level 1
Level 1
In response to tsteger1

‎03-04-2004 04:24 PM

Nope - Trend.

0 Helpful

bcarroll
Level 1
Level 1
In response to mcvosi

‎04-14-2004 10:31 PM

Are you still having this problem? Is the "wizard" avaliable in the event log? IF so, have you created an exception using the wizard?

BC

0 Helpful

mcvosi
Level 1
Level 1
In response to bcarroll

‎04-15-2004 06:32 AM

I seem to have solved it with multiple rule exclusions.

0 Helpful

5mlattimore
Level 1
Level 1
In response to mcvosi

‎04-22-2004 01:37 PM

Can you post how you did it? We are seeing 'keystroke captruing alerts" from the trojan detection engine for

iexplore.exe

explorer.exe

nnotes.exe

frameworkservices.exe

and a few others

We have created exceptions but the alerts persist as if its not recognizing the EXE file.

So when you say multiple rule excluions, what exactly are you doing?

thx

0 Helpful

tsteger1
Level 8
Level 8
In response to 5mlattimore

‎04-27-2004 03:25 PM

As long as you have those executables in an application class, you can add the application class to the exclusion list of each behavior in the trojan detection rule that triggers the event. If not, you need to create the app class first, then add it to the list. There are several of these rules assigned to different policies so you'll want to make sure you either change each rule for each policy or create one rule and copy it to the other policies. The wizard can help you get started as it can be pretty tricky trying to figure out which behavior is triggering the rule.

Hope this helps...

0 Helpful
Customers Also Viewed These Support Documents