exe file that, when executing, a window pops up (from the Heuristic Detection), and, when pressing "Allow this File"
and then "OK",
Then it is possible to execute the.exe.
It creates a rule here:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\HeuristicScanning\FileHash\Client\<FILE_HASH>
How it is possible to add a file exclusion via command line?
Or either, move the file to a path where it is not Heuristicly scanned?
Regards
Solved:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\HeuristicScanning\Directory\Admin\1733004141]
"Owner"=dword:00000004
"ProtectionTechnology"=dword:00000002
"FirstAction"=dword:00000011
"SecondAction"=dword:00000011
"DirectoryName"="C:\\temp\\"
"ThreatName"="C:\\temp\\chisel_pezored.exe"
"ExcludeSubDirs"=dword:00000001
"ExtensionList"=""
"ScanCategories"=dword:ffffffff
reg import file.reg
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.