How to create global exclusions for avast! Endpoint Protection managed with SOA

There has been much confusion about the use of global exclusions for Avast’s Endpoint Protection anti-virus in a managed environment using the Small Office Administration console (SOA). When managed, no changes can be made at the Endpoint clients, because the console will overwrite those settings, sometimes immediately. Therefore, all changes to clients must be performed in the SOA console.

Internally, we exclude Intuit’s QuickBooks Enterprise application for “blazing speed” purposes.  So, a Global File Exclusion for QuickBooks looks like:

C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\QBW.exe

Here is a shortened version that uses wildcards to exclude all files in the Intuit directory: *Intuit*

I wanted to add the data file for QuickBooks also, so I use a semicolon as a separator with no spaces: *Intuit*;*.QBW

For a Global URL Exclusion: www.youtube.com; This can also be shortened using wildcards to its simplest form: *youtube* Multiple exclusions can be listed by using the semicolon as a separator with no spaces.
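Before a wildcard value is pushed to a whole group, it helps to see what it actually covers. The following is an added example, not part of the original post and not Avast code: it parses the semicolon-separated format described above and tests each entry against constructed sample paths. The matching rules ('*' matches any run of characters, case-insensitive) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample paths (not from the original post) used to probe the patterns.
SAMPLE_PATHS = [
    r"C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\QBW.exe",
    r"D:\Accounting\Company.QBW",
    r"C:\Users\Public\Downloads\Intuit-setup.exe",
    r"C:\Windows\System32\notepad.exe",
]
INTUIT_DIR = r"C:\Program Files (x86)\Intuit"

def parse_exclusions(value):
    """Split a ';'-separated exclusion value; warn about spaces next to separators."""
    entries, warnings = [], []
    for raw in value.split(";"):
        if not raw.strip():
            continue  # empty piece, e.g. after a trailing ';'
        if raw != raw.strip():
            warnings.append(f"space around separator in {raw!r}")
        entries.append(raw.strip())
    return entries, warnings

def to_regex(pattern):
    """Assumed semantics: '*' = any run of characters, '?' = one, case-insensitive."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def coverage(value, candidates):
    """Map each exclusion entry to the candidate paths or URLs it would cover."""
    entries, _ = parse_exclusions(value)
    return {e: [c for c in candidates if to_regex(e).fullmatch(c)] for e in entries}

def outside_dir(entry, candidates, directory):
    """Candidates the entry covers that are not under the intended directory."""
    prefix = directory.lower() + "\\"
    return [c for c in candidates
            if to_regex(entry).fullmatch(c) and not c.lower().startswith(prefix)]

if __name__ == "__main__":
    value = "*Intuit*;*.QBW"
    print(parse_exclusions(value))
    for entry, hits in coverage(value, SAMPLE_PATHS).items():
        print(entry, "->", hits)
    print("outside Intuit dir:", outside_dir("*Intuit*", SAMPLE_PATHS, INTUIT_DIR))
```

Under these assumed rules, *Intuit* also covers the sample file in the Downloads folder, so the full-path form is the narrower choice when only QBW.exe needs to be excluded.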

To find global exclusions in SOA, go to Network, Group view and choose the desired group. Then choose Edit group settings, Expert settings, and “I’ll take the risk”.

For Expert settings, the Property path is listed in alphabetical order.  Global exclusions are about 1/3 down through the list.  Enter your exclusions by clicking on the Value field, and don’t forget to SAVE!  These values will now be pushed to all managed systems within that group!

 

NOTE: Many times we have used global exclusions as a temporary workaround for program and URL FALSE POSITIVE detections, until we can get those programs or websites whitelisted at the avast! Virus Lab. I have found that infected files, locally or online, are blocked by the avast! Network Shield, even though a global exclusion for that file / website has been correctly entered. Under these circumstances, the only temporary workaround is to disable the Network Shield. However, I would ALWAYS TEST THE “INFECTION” or “FALSE POSITIVE” at VirusTotal prior to disabling the shield to prevent system infection: https://www.virustotal.com/

Sincerely,

J.R. Guthrie

President

Advantage Micro Corporation

520-290-0595

“At this point in time, the Internet should be regarded as an Enemy Weapons System!”

 

 
