ESET Customer Advisory 2019-0018
November 7, 2019
Severity: Information
Summary
ESET has recently fixed the format of exclusions across its product portfolio. Previously, products erroneously accepted an ambiguous format of the path in its exclusions settings. After updating to the latest module, previously created exclusions need to be checked and possibly edited by system administrators.
Details
With the release of Antivirus and antispyware scanner module version 1555, ESET has changed the supported format of exclusions used in its scanning engine. Previously, due to a bug, a path defined as C:\path or /home/path was treated as a folder exclusion and all files within the specified folder were erroneously excluded from scanning. Therefore, ESET decided to fix this behavior in all its antivirus products across Windows, Linux and macOS operating systems.
Once the product is updated to Antivirus and antispyware scanner module version 1555 (and higher), the fix is put in place and the correct format is applied. In the correct format, a path defined as C:\path or /home/path is now considered to be a file, not a folder. To specify a folder and its content, a slash with an asterisk needs to be used (such as C:\path\* or /home/path/*).
New exclusions, created by selecting a folder via the product’s graphical user interface, will have the correct format applied automatically in ESET Endpoint products for Windows version 7.2 and ESET consumer products for Windows version 13. Subsequent to these products, the proper formatting of exclusions upon saving from the product’s graphical user interface will be applied to any remaining products in the portfolio.
Pre-existing exclusions (and exclusions created in products that do not yet apply the new format to exclusions added from the graphical user interface) need to be checked and possibly edited by system administrators, as the format without the slash and asterisk will no longer exclude the folder content. In addition, exclusions set by a policy from ESET Security Management Center need to use the slash and asterisk in the exclusion path.
The corresponding product documentation will be edited to reflect this change as well.
Affected programs and versions
All ESET antivirus products on Windows, Linux and macOS with Antivirus and antispyware scanner module version 1555 or higher installed (this module was released on September 23, 2019; see below for instructions on how to check the module version installed in your ESET product).
Resources
- For products running on Windows:
- Access information about product modules in ESET Windows home products – Knowledgebase article describing how to find your module version
- For products running on macOS:
- Find installed components in ESET Cyber Security products – Knowledgebase article describing how to find your module version
- For products running on Linux:
- To find your module version in ESET NOD32 Antivirus:
- Open the main product window and navigate to Help > About NOD32 Antivirus > More info
- To find your module version in ESET File/Mail/Gateway Security version 4.x:
- Open Terminal and run head -9 /var/opt/eset/esets/lib/em001_32.dat | grep -a ‘version:’
- To find your module version in ESET Server Security version 7.x:
- In the product’s web interface, navigate to Help > About, or
- Open Terminal and run head -9 /var/opt/eset/efs/lib/em001_64.dat | grep -a ‘version:’
- To find your module version in ESET NOD32 Antivirus:
Feedback & Support
If you have feedback or questions about this issue, please contact us using the ESET Security Forum, or via local ESET Support.
Version log
Version 1.0 (November 7, 2019): Initial version of this document