Exclude files from the on-access scan

Configure the on-access scan profile to add exclusions.

Task

  1. Log on to your Linux system as the root user.
  2. Change to the /bin directory of the software.
    cd /opt/isec/ens/threatprevention/bin
  3. Run a command using this syntax.
    ./isecav --setoasprofileconfig --profile [standard | highrisk | lowrisk] [exclusion options]
    Specify the profile risk level from which you want to exclude files: standard, highrisk, or lowrisk.
    Note: The high-risk and low-risk profiles are enforced only when --procsettings is set to riskbased. If --procsettings is set to standard, all processes are treated as standard processes, and only the standard profile applies. Run ./isecav --help to see the command-line Help.
    Replace [exclusion options] with these options:
    • Specify when the exclusion applies (read operations, write operations, or both) using one of these options.
      Option Definition
      --addexclusionread Adds exclusions to the On-Access Scan exclusion list during read operations.
      --addexclusionwrite Adds exclusions to the On-Access Scan exclusion list during write operations.
      --addexclusionrw Adds exclusions to the On-Access Scan exclusion list during read and write operations.
    • Specify the files or directories to exclude using these options.
      Option Definition
      --excludepaths Excludes the specified files or directories from the scan. Provide an absolute file name, a bare file name (no path), or an absolute directory name, according to these guidelines:
      • Wildcards [*, ?] are allowed as part of the value.
      • An absolute file name or directory name must start with a slash [/].
      • A directory name must end with a trailing slash [/].
      • Multiple comma-separated values are allowed.
      • If any of the values have spaces in between, specify the values in double quotes ("").
      --excludefiletype Specifies the extensions to exclude. Provide the extension names according to these guidelines:
      • Wildcard [?] is allowed as part of the value.
      • Multiple comma-separated values are allowed.
      • If any of the values have spaces in between, specify the value in double quotes ("").
      --excludepathwithsubfolder Specifies that each directory given in --excludepaths is excluded together with all of its subdirectories. Without this option, only the files directly in the directory are excluded.
    Example: --addexclusionread --excludepaths "/home/user1/,/home/user/file1" --excludefiletype "txt,doc,pdf" --excludepathwithsubfolder

    This command excludes these files from scanning during read operations:

    • All files in the /home/user1/ directory
    • /home/user/file1
    • All .txt, .doc, or .pdf files on any file system

    Because --excludepathwithsubfolder is also specified, the exclusion for /home/user1/ covers the files in that directory and in all of its subdirectories.
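The following shell helper is an added example and is not part of the product documentation or the isecav tool. It checks candidate exclusion values against the --excludepaths and --excludefiletype guidelines above (absolute names start with a slash, directories end with a slash, extensions carry no leading dot and use only the ? wildcard) and then assembles the isecav command line instead of running it, so it can be reviewed on any machine before it is executed as root on the endpoint. The function names and the validation rules are this example's own; only the option names and the /opt/isec/ens/threatprevention/bin path come from the page. Keep in mind that every exclusion is a gap in on-access coverage: an extension-wide exclusion such as txt,doc,pdf applies to every file system, so prefer narrow paths where the product allows it.

```shell
#!/bin/sh
# Added example, not part of the product documentation. Validates exclusion
# values against the --excludepaths / --excludefiletype guidelines and
# assembles (but does not run) the isecav command line. Function names and
# validation rules are this example's own; option names are the documented ones.

ISECAV_BIN=/opt/isec/ens/threatprevention/bin/isecav   # location from step 2

# check_exclusion_path VALUE
# Returns 0 for an absolute file or directory name (starts with "/") or a bare
# file name; returns 1 for an empty value or a relative path such as "tmp/cache/".
# Wildcards "*" and "?" are left in the value, as the documentation allows.
check_exclusion_path() {
    case "$1" in
        "")  return 1 ;;
        /*)  return 0 ;;
        */*) return 1 ;;
        *)   return 0 ;;
    esac
}

# check_exclusion_type VALUE
# Returns 0 for an extension given without a leading dot; "?" is the only
# wildcard the documentation allows for extensions, so "*" and "/" are rejected.
check_exclusion_type() {
    case "$1" in
        "")    return 1 ;;
        .*)    return 1 ;;
        *"*"*) return 1 ;;
        */*)   return 1 ;;
        *)     return 0 ;;
    esac
}

# build_oas_exclusion PROFILE MODE PATHS TYPES [subfolder]
#   PROFILE : standard | highrisk | lowrisk
#   MODE    : read | write | rw   (selects --addexclusionread/-write/-rw)
#   PATHS   : comma-separated --excludepaths value, or "" for none
#   TYPES   : comma-separated --excludefiletype value, or "" for none
#   a fifth argument "subfolder" appends --excludepathwithsubfolder
# Prints the assembled command on success; returns 1 on the first bad value.
build_oas_exclusion() {
    profile=$1 mode=$2 paths=$3 types=$4 sub=$5
    case "$profile" in standard|highrisk|lowrisk) ;;
        *) echo "invalid profile: $profile" >&2; return 1 ;;
    esac
    case "$mode" in read|write|rw) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    # Split on commas only, and disable globbing so a value like
    # "/var/log/*.log" is not expanded against the local file system.
    old_ifs=$IFS; IFS=,; set -f
    for p in $paths; do
        if ! check_exclusion_path "$p"; then
            IFS=$old_ifs; set +f; echo "bad --excludepaths value: $p" >&2; return 1
        fi
    done
    for t in $types; do
        if ! check_exclusion_type "$t"; then
            IFS=$old_ifs; set +f; echo "bad --excludefiletype value: $t" >&2; return 1
        fi
    done
    IFS=$old_ifs; set +f
    # Values are always double-quoted, which also satisfies the
    # "quote values that contain spaces" guideline.
    cmd="$ISECAV_BIN --setoasprofileconfig --profile $profile --addexclusion$mode"
    if [ -n "$paths" ]; then cmd="$cmd --excludepaths \"$paths\""; fi
    if [ -n "$types" ]; then cmd="$cmd --excludefiletype \"$types\""; fi
    if [ "$sub" = subfolder ]; then cmd="$cmd --excludepathwithsubfolder"; fi
    printf '%s\n' "$cmd"
}

# Reproduce the documented example. Review the printed line, then run it as
# root on the endpoint (for example: eval "$(build_oas_exclusion ...)").
build_oas_exclusion standard read "/home/user1/,/home/user/file1" "txt,doc,pdf" subfolder
```

Running the script prints the exact command from the example above. A relative path such as tmp/cache/, an extension written as .txt, or a profile name other than the three documented ones is rejected with a message on stderr and a non-zero exit status, which makes the helper safe to drop into a configuration script that should stop rather than push an unintended exclusion.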