CPM Realtime Policy

(imported topic written by SystemAdmin)

Hello,

2 inquiries. I know there are more advanced policy mechanisms coming - but looking for a quick and dirty option until then.

1 - is there a faster method to making a quick realtime policy change - than going through and recreating another full policy - just to add one new exclusion? On the system - can I update the realtime.ini file and the corresponding exclusion registry entry - and that will do the trick? I have one additional folder to exclude - and would rather not recreate an existing policy to make one add.

2 - If I exclude “c:\folder” will that exclude all sub-folders? There is no mention of subfolders in the CPM users guide or in the policy wizard. Does there need to be a wildcard?

Thanks so much!

Cheers,

Mike

(imported comment written by Danny_Leung91)

Hey Mike,

Here are some suggestions:

1 - is there a faster method to making a quick realtime policy change - than going through and recreating another full policy - just to add one new exclusion? On the system - can I update the realtime.ini file and the corresponding exclusion registry entry - and that will do the trick? I have one additional folder to exclude - and would rather not recreate an existing policy to make one add.

It is possible to modify the scan policies manually on the endpoint. If you examine the action from a Fixlet generated by the scan wizards, you may see that it constructs an INI file for the type of scan you want to change and essentially calls the following command:

TMCPMCLI.exe CONFIG -i realtime.ini

That being said, I still recommend that you use the wizards to make these configurations, as there is logic built in to enforce proper syntax and format for the INI as well as taking account of any pre-existing settings.

Being able to re-load existing policies back into their respective wizards is an enhancement that is being considered for future revisions of the product, however, it does not exist in the current version, CPM 1.6. For now, it is recommended to use the wizards.

2 - If I exclude “c:\folder” will that exclude all sub-folders? There is no mention of subfolders in the CPM users guide or in the policy wizard. Does there need to be a wildcard?

After some quick tests, an exclude of the parent folder seems to exclude its child folders as well. I don’t believe a wildcard is necessary.