WebAdmin bad behavior when configuring Endpoint Protection Antivirus File/Folders Exceptions

Greetings, I'm having problems when trying to configure the UTM Endpoint Protection Antivirus Exceptions to protect an Exchange 2013 server.

Exchange requires a sizable list of exclusions.

When I try to enter the file/folder exceptions, the UTM UI comes back with unexpected results.

Why is it doing this?

This is UTM 9.407-3, with the home license.

Here's a screencap of a newly-entered file/path exclusion:

 

And here's how that exclusion appears after clicking Save. Note the path!

 

And then if I click edit ...



This thread was automatically locked due to age.
  • Hello TimothyTrace,

    I'm not a UTM guy, 'twas just Exclusion ... bugs? which caught my attention.
    As said, I'm not familiar with the UTM UI (but at least with AV exclusions). Wonder if it's the \0 combination, as the backslash should generally work. So just to test, please try a path with characters other than 0 after the backslash (I know, this is not what you need but ...). Maybe just the \0 gets eaten, maybe others as well. I'd also check what's in the computer's AV settings - whether it's the slashless path or not.
    Unlikely, but I've seen similar bugs: it could be that the \0 is misinterpreted when it's read back for display in the GUI but correct in the policy.

    Christian

    P.S. and BTW: Even as the KB article says "must", the exclusions are not necessarily necessary (forgive the bad pun). We have without problems none of them in place for our Exchange servers.

  • Hi, can confirm that you don't need exclusions for running Exchange smoothly with UTM Endpoint Protection..

    seems to be a quoting bug... maybe need to set it in "path" or something like \/ or /\ to get it not interpreted...

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • zaphod said:
    Hi, can confirm that you don't need exclusions for running Exchange smoothly with UTM Endpoint Protection..

    I've got real-world experience in recovering Exchange databases from damage caused by AV file-system real-time scanners. Not doing *that* again.

    Anyone who doesn't pay attention to Microsoft's recommendations for AV exclusions with Exchange (linked in the OP) is asking for trouble.

     

    zaphod said:
    seems to be a quoting bug... maybe need to set it in "path" or something like \/ or /\ to get it not interpreted...

    Good idea, thank you.

    Wrapping it in quotes doesn't help.

    Tried escaping the backslash ... no luck.

    • E:\/1a-DB\/1a-DB\/1a-DB brings back E:\/1a-DB\/1a-DB\/1a-DB
    • E:/\1a-DB/\1a-DB/\1a-DB brings back E:/\1a-DB/\1a-DB/\1a-DB
    • E:\\1a-DB\\1a-DB\\1a-DB brings back E:\\1a-DB\\1a-DB\\1a-DB

    Tried e:\01a-db\01a-db\01a-db, and it came back e:1a-db1a-db1a-db .

    Humorously, c:\temp comes back as .... yup .... c:\temp .

    What's going on here?

     

     

  • QC said:
    the exclusions are not necessarily necessary....We have without problems none of them in place for our Exchange servers.

    I'm not as brave as you. Microsoft cares enough to publish *and recently update* a TN article with strong words like "must," and I won't risk my reputation or financial income by ignoring them.

    Like I said, I've got first-hand experience with Exchange logfile damage from file-system real-time AV. The recovery was painful enough that I won't ever risk it again.