Sage Antivirus Exclusions – Powershell Script for Windows Defender


What does this PowerShell Script do?

This is a simple PowerShell script that automates adding the exclusions for Sage Accounts to Windows Defender.

It will carry out the File and Folder exclusions listed in the following Sage Article:

It will NOT add the URL exclusions.

The Script has been tested on the following Operating Systems:

Windows 10 32-Bit
Windows 10 64-Bit

The Script:

Download: Sage-Exclusions-Windows-Defender

Remember to run the Script as an Administrator.

Write-Host "Adding Sage Anti-Virus Exclusions" -ForegroundColor Green
Write-Host "Excluding Data Files Extensions" -ForegroundColor Yellow
Add-MpPreference -ExclusionExtension DTA, DTH, COA, S50
Write-Host "Excluding Report and Layout File Extensions" -ForegroundColor Yellow
Add-MpPreference -ExclusionExtension SRT, SLY, SLT, SLB, RPT
Write-Host "Excluding Sage Account File Extensions" -ForegroundColor Yellow
Add-MpPreference -ExclusionExtension report, layout, letter, label
Write-Host "Excluding Memo Files" -ForegroundColor Yellow
Add-MpPreference -ExclusionExtension SLM, PLM, NLM, ILM, BLM, CLM, DLM
Write-Host "Excluding Criteria Files" -ForegroundColor Yellow
Add-MpPreference -ExclusionExtension SLC, SLI, PRC, PRO, NMC, NMI, BKC, BKI, SKI, IVC, IVI, SPC, SPI, PCC, PPI, PCI, REC, REI, SAC, SAI, IPC, IPI, PDC, PDI
Write-Host "Excluding Folders used by Sage Accounts (32-Bit and 64-Bit)" -ForegroundColor Yellow
Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\Sage SBD"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Common Files\Sage SBD"
Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\Sage Line50"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Common Files\Sage Line50"
Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\Sage Report Designer 2007"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Common Files\Sage Report Designer 2007"
Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\Sage Shared"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Common Files\Sage Shared"
Add-MpPreference -ExclusionPath "C:\Program Files\Sage EBanking"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Sage EBanking"
Add-MpPreference -ExclusionPath "C:\Program Files\Sage"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Sage"
Add-MpPreference -ExclusionPath "C:\ProgramData\Sage"
Write-Host "Script Complete" -ForegroundColor Green

For large organisations using Sage it is suggested that you configure the exclusions either via your Anti-Virus Management Console or via GPO.
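
To check the result, the following added example (not part of the original script) compares what Defender currently excludes against the list above and reports missing entries, unexpected entries, and excluded folders that do not exist on this machine. Extension exclusions apply to any file with that extension anywhere on the system, so the unexpected and absent entries are the ones to review. The names Compare-SageExclusion, ConvertTo-ExtKey, ConvertTo-PathKey, $ExpectedExtensions and $ExpectedPaths are assumptions made for this example.

```powershell
# Added example, not the original author's script. All names are hypothetical.
# Run elevated: Defender only shows exclusions to administrators.
$ExpectedExtensions = @(
    'DTA','DTH','COA','S50','SRT','SLY','SLT','SLB','RPT',
    'report','layout','letter','label',
    'SLM','PLM','NLM','ILM','BLM','CLM','DLM',
    'SLC','SLI','PRC','PRO','NMC','NMI','BKC','BKI','SKI','IVC','IVI','SPC',
    'SPI','PCC','PPI','PCI','REC','REI','SAC','SAI','IPC','IPI','PDC','PDI'
)
$suffixes = @(
    'Common Files\Sage SBD', 'Common Files\Sage Line50',
    'Common Files\Sage Report Designer 2007', 'Common Files\Sage Shared',
    'Sage EBanking', 'Sage'
)
$ExpectedPaths = @('C:\ProgramData\Sage') + @(
    foreach ($root in 'C:\Program Files', 'C:\Program Files (x86)') {
        foreach ($s in $suffixes) { Join-Path $root $s }
    }
)

# Normalise so that '.DTA' and 'dta', or 'C:\X\' and 'c:\x', compare as equal.
filter ConvertTo-ExtKey  { if ($_) { $_.TrimStart('.').ToLowerInvariant() } }
filter ConvertTo-PathKey { if ($_) { $_.TrimEnd('\').ToLowerInvariant() } }

function Compare-SageExclusion {
    param([string[]]$CurrentExtensions, [string[]]$CurrentPaths)
    $curExt  = @($CurrentExtensions  | ConvertTo-ExtKey)
    $expExt  = @($ExpectedExtensions | ConvertTo-ExtKey)
    $curPath = @($CurrentPaths  | ConvertTo-PathKey)
    $expPath = @($ExpectedPaths | ConvertTo-PathKey)
    [pscustomobject]@{
        MissingExtensions    = @($expExt  | Where-Object { $_ -notin $curExt })
        UnexpectedExtensions = @($curExt  | Where-Object { $_ -notin $expExt })
        MissingPaths         = @($expPath | Where-Object { $_ -notin $curPath })
        UnexpectedPaths      = @($curPath | Where-Object { $_ -notin $expPath })
        # Excluded folders that do not exist here (e.g. the x86 paths on 32-bit Windows).
        AbsentOnDisk = @($CurrentPaths |
            Where-Object { $_ -and -not (Test-Path -LiteralPath $_) })
    }
}

$pref = Get-MpPreference
Compare-SageExclusion -CurrentExtensions $pref.ExclusionExtension `
    -CurrentPaths $pref.ExclusionPath | Format-List
```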

Avoid getting infected by threats like ‘WannaCry/WCry’ – Ransomware

I’ve been asked about the WannaCry Ransomware a few times over the last few days. My top tips on how to avoid becoming a victim of these kinds of threats are below:

Keep your Systems up-to-date.

Windows updates can be irritating. We’ve all been there when we’re ready to go home and we’re waiting for Windows Update to finish installing before the PC is shut down. However, in the case of ‘WannaCry’ ransomware, the infections could have been avoided by the Microsoft fix being installed. The fix itself was released months ago. With Microsoft Updates turned on, there is a vastly reduced chance of you getting this kind of infection, which tries to access your machine via known vulnerabilities in Microsoft’s software.

Use a supported Operating System.

Support for older versions of Microsoft’s operating systems, like Windows XP, ended ages ago. Microsoft were under no obligation to release a fix for the SMB issue that the ‘WannaCry’ infection exploited. Users on the latest Windows 10 operating system were immune to this issue, as the auto updates would have patched the vulnerability when the fix was released. Refer back to item number 1.

Get yourself a decent Anti-Virus.

There are far too many people out there who run their systems with either no Anti-Virus or a poorly performing free Anti-Virus. With a paid Anti-Virus you’re in safer hands.

Personally, I recommend ESET Anti-Virus. I’ve used it for many years and have it on both my Home and Work operating systems. It’s low on resource consumption and has an excellent virus detection rate. Those users who already have ESET will have been immune to the ‘WannaCry’ infection, as ESET can detect and stop it. The same can be said for many of the other variants of ransomware.

A link for ESET can be found at the bottom of this page.

Email – Be cautious, if in doubt don’t open them.

Email is possibly the biggest route by which machines are infected with viruses and malware. This means that if users are more cautious and aware, there is less risk of being infected. Scammers are getting very smart in their methods of making an email look like it has come from a legitimate source when it hasn’t. I strongly suggest that you take care when going through your emails. If you don’t think the sender is legitimate, then check with them before opening it. If you can’t contact them directly, delete the email. Better safe than sorry.

Going even further than this, if you’re a company you should have some kind of Email Filtering in place. Yes, it does cost a little bit of money but probably nothing in comparison to getting an infection and losing your data!

If it’s important to you – Have a BACKUP!

Despite having all of the above in place, there is still a chance of being infected by something that you can’t remove without having to reinstall your PC. In the event of this, it’s always best to have a backup! Anything that you cannot do without, you’ll want to back up. Back up to multiple locations and back up often.

ESET for Windows, 30 Days Free

Rolling back the ESET Endpoint Antivirus / Security Update File

There have been a couple of issues recently with ESET releasing an Antivirus update that is defective. The most recent event that I can recall started to bring up notifications when browsing certain legitimate websites. ESET was quick to identify the error but it took a few hours for them to release a fix.

The easiest way to restore normal service is to roll back to an earlier version of the security definitions update until the fix is released. You can do this by following the steps below.

1) Open ESET

2) Click on Setup > Advanced Setup

3) Click Update

4) Scroll Down to Rollback > Click the Rollback button next to ‘Rollback to previous update files’

5) Leave the duration as 12 hours, as ESET should react quicker than that to resolve the issue.

6) Click OK and you’re done.