Trend Micro Deep Security 9: Exclude Network Shares from Anti-malware scans

I found a little problem with the default real-time scan settings in Trend Micro Deep Security 9 that we deployed last week… there are no exclusions set!  It first found “malicious” files in my DataDomain backup share on my Veeam server.  The folder is a UNC Share path “\\wf.local\sysvol\Datadomain\Veeam\Backups”.

It is simple to create a directory exclusion list with entries like “C:\Program files\Directory\” or “U:\MyProfile”.  But you cannot exclude network shares with “\\” in the path directly into this field.  There’s a few extra steps you have to take…

 

Create a UNC Share Variable

1. Open up the policy in question (I just edited the Base Policy).
2. Click Settings on the left.
3. Click View Environment Variables.
4. Click New.
5. Provide a variable name (like UNC) then enter your value.

envvariable

6. Click OK.  Click Close.

Now you have to add your variable to the Directory Exclusion List (and create one).
1. Click the Policies tab.
2. Click Anti-Malware in the left column.
3. Click the General tab then click Edit in the Real-Time Scan Settings Section.
4. Go to the Exclusions Tab.
5. Select Directory List and then click New or Edit Directory List.
6. Give the list a name (required) and description (optional).
7. In the Directory field, enter the variable you created, like mine above would be ${UNC}.

directory-list

8.  Click OK.  Click OK.

 

For more details, see the associate KB on the Trend Micro Website: http://esupport.trendmicro.com/solution/en-US/1096634.aspx

, ,

No comments yet.

Leave a Reply