Bitsum Community Forum

General Category => Process Lasso => Topic started by: noahphense on October 04, 2021, 08:32:20 PM

Title: Latest Beta ..
Post by: noahphense on October 04, 2021, 08:32:20 PM
Something I am noticing.  As of the last beta.

In the ProBalance Exclusions, I've been using things like this for a long time.

c:\program files\eset\*

There is nothing in the directory, but there is a folder and the rest of the app in that folder.  IE.
C:\Program Files\ESET\ESET Security

It seems that recursive'ness, has stopped being functional.  As well, I am now getting quite a few svchost punches.  Not sure if that was an intentional change.

I've attached an image.


Title: Re: Latest Beta ..
Post by: Jeremy Collake on October 05, 2021, 07:00:50 AM
The svchost actions are just due to your use of the beta. They won't be acted on again.

In the last few betas builds prior to release, the ProBalance service exclusion was intentionally turned off. However, that change was reverted by the final 10.3 build. Your exclude services setting will also changed back to true when you update to the final.

There should be no change related to recursive path handling and wildcards, with the ProBalance exclusions or other rules. Can you check the log, find the ProBalance event for ekrn.exe, and confirm it is actually in 'c:\program files\eset' and not 'c:\program files (x86)\eset' or elsewhere, causing the path mismatch?

Ekrn.exe was likely acted on because of the now reverted service exclusion change, so is the same phenomenon as your svchost.exe actions.
Title: Re: Latest Beta ..
Post by: noahphense on October 05, 2021, 01:14:35 PM
Hey Jeremy,

Current Version: PL Pro x64

The boolean toggle (between versions) you mentioned sounds perfect for the root-cause of both of the items I mentioned in the OP.  So cheers to that.

Regarding the ekrn.exe, I grep'd for it, it's the only one in the system.  As of today, it's back to normal operation.

With that said, the deep wildcard (\*) recursive'ness is god-like.  I've been using it heavily, since the beginning.  I wont bore you with how many I actually have, but here are a two examples.  It would be quite time consuming to manage without them.

My programming language:
c:\pb\*   (which covers everything below that)


The lts573 is just the version number.  There is nothing in that directory except two more dirs, 32 and 64 bit versions.

This is a big one:

All of those below, have their own deep sub-dirs as I'm certain you are already aware.  It's been working great thus far.  With the exception of some one-offs, where a launcher is calling another executable.  Which is understandable.


Cheers for the help and the info.