Jump to content

can't exclude bash.exe?

ingber
 Share

Recommended Posts

ingber

ingber

Posted
Posted

I did not have this problem with MBARW.  I (re-)installed Windows 10 bash/ubuntu and want to exclude

C:\Windows\System32\bash.exe

from ARW.  However, the MBAM popup windows under Settings cannot see this file; a search in that window comes up with "No items match your search."?  File Explorer sees it just fine?

 

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted

The shortcut generated by the install of Windows Bash is

C:\Windows\System32\bash.exe ~

to go the home dir.  MBAM Exclusion windows cannot see this file.

 

The actual Ubuntu stuff is under c:/Users/ingber/AppData/Local/lxss/rootfs/ , e.g., bash is at

c:/Users/ingber/AppData/Local/lxss/rootfs/bin/bash

However, MBAM Exclusion windows cannot see the directory/folder lxss/ .

I do not understand why MBAM cannot see these ...  For example, in MBARW beta, bash triggered a quarantine and reboot, so it must see it somehow?

 

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
On 12/18/2016 at 8:23 PM, ingber said:

The shortcut generated by the install of Windows Bash is

C:\Windows\System32\bash.exe ~

to go the home dir.  MBAM Exclusion windows cannot see this file.

 

The actual Ubuntu stuff is under c:/Users/ingber/AppData/Local/lxss/rootfs/ , e.g., bash is at

c:/Users/ingber/AppData/Local/lxss/rootfs/bin/bash

However, MBAM Exclusion windows cannot see the directory/folder lxss/ .

I do not understand why MBAM cannot see these ...  For example, in MBARW beta, bash triggered a quarantine and reboot, so it must see it somehow?

 

I have the same issues with version 3.05, which I patched over 3.04 and rebooted today.

Link to post
Share on other sites
  • Staff
tetonbob

tetonbob

Posted
  • Staff
Posted

Hi ingber. Currently, a file in a 64bit directory such as system32 on a 64bit system cannot be added to exclusions.

However, you should be able to add the \lxss folder to exclusions. To do so, you'll need to ensure you have unchecked the 'Hide protected operating system files (Recommended)' option in your Explorer > View > Options > Change folder and search options > View

See my attached image.

lxss folder.PNG

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
25 minutes ago, tetonbob said:

Hi ingber. Currently, a file in a 64bit directory such as system32 on a 64bit system cannot be added to exclusions.

However, you should be able to add the \lxss folder to exclusions. To do so, you'll need to ensure you have unchecked the 'Hide protected operating system files (Recommended)' option in your Explorer > View > Options > Change folder and search options > View

See my attached image.

lxss folder.PNG

I can see xlss just fine in File Explorer, but not in the MBAM Window, even after unchecking the protected option?  I can see that you see it ...

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
2 minutes ago, ingber said:

I can see xlss just fine in File Explorer, but not in the MBAM Window, even after unchecking the protected option?  I can see that you see it ...

I can see it now -- it just took awhile to come up.

 

Thanks.

 

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted
13 hours ago, tetonbob said:

Hi ingber. Currently, a file in a 64bit directory such as system32 on a 64bit system cannot be added to exclusions.

You should be able to exclude files in system32, you just have to use a different path name for 32-bit applications. When you are adding exclusions, type in the folder name C:\Windows\Sysnative and it should show you  the 64-bit version of System32.

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
3 minutes ago, dcollins said:

You should be able to exclude files in system32, you just have to use a different path name for 32-bit applications. When you are adding exclusions, type in the folder name C:\Windows\Sysnative and it should show you  the 64-bit version of System32.

Hi.  I do not see how to type in anything in the MBAM windows?  I have to follow the clickable entries.  I also do not see Sysnative in Iexplorer.  I am familiar with this path, as I use it in some of Cygwin scripts.

Lester

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
1 minute ago, ingber said:

Hi.  I do not see how to type in anything in the MBAM windows?  I have to follow the clickable entries.  I also do not see Sysnative in Iexplorer.  I am familiar with this path, as I use it in some of Cygwin scripts.

Lester

Correction.  I do see where to type in a path in the MBAM window.

Link to post
Share on other sites
ingber

ingber

Posted
  • Author
Posted
2 minutes ago, ingber said:

Correction.  I do see where to type in a path in the MBAM window.

I assume MBAM Exclusions will recognize this bash.exe in Sysnative as being equivalent to that under System32?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.