Emsisoft Syncro Managed Whitelist/Exclusions?

Can you have Emsisoft managed by Syncro and setup exclusions/whitelists for files or folders on the computer you are deploying it on? I would rather not change from Syncro managed but I did not see the ability to set a file or folder exclusion. On one client site I see it popping up an alert to the users that a exe they use for a business application that says it might be a threat. They can click to allow it but I would rather just whitelist the application if possible instead of getting tickets from users on the pop up.

You should be able to make a lot more changes in the Emsisoft Cloud Console. Emsisoft Integration

That is when its not Managed by Syncro that is when you change to Emsisoft cloud managed.
Don’t want to deal with the separate cloud portal for that baseline AV. Might just have to go to the Pax8 Bitdefender Licenses and go that route then.

Seems the integration for a product they sell as part of the package should at least support basic AV functionality that has been the basis of AV for decades now. Home AV’s even handle exclusions/whitelists.

So far a bit disappointed with so called selling features of Syncro. Was already going to use SentinelOne as my advanced AV solution for clients that needed/wanted more than just AV so wanted to keep it as simple as possible

I have seen others mention the console when integrated. BD is the same way, you have to manage things in their cloud console. This was taken from the page I sent you. “Please note, Syncro will still control the license and installing/uninstalling. This just allows the Cloud Console take priority over Emsisoft AV settings.”

The limitations could be with the Emsisoft and their API. I know Emsisoft has a close relationship with Syncro, so I would imagine, they would want it as full featured as possible. I agree, if it’s possible, policy management should be integrated. Other integrated AVs that we’ve dealt with though, we had to manage in a separate console.

I had already gone over turning on the Cloud console before posting. I made this thread because it requires things like tokens to be setup / scripted and for each customer. If I am going to deal with a separate cloud I will go back to Bit Defender and use Pax8 licenses for better pricing and a simpler integration.

Just disappointed the built in option they promote is so half baked. Had much better solution when I was using Soloarwinds/N-Able N-Central with the built in AV defender.

You would have to ask Davlat Aminov of Emsisoft why this isn’t integrated. He’s in the FB group. Syncro worked with Emsisoft to develop this. There may be more to the story than it just being half-baked. I have seen several cases where the vendors don’t allow certain actions to happen via the API for security reasons. Because AV uses profiles for AV agents, and whitelist are part of those profiles, they couldn’t just develop a whitelist and it works, they would have to develop a complete policy module for the integration, and who knows if that is even allowed through the API.

Like I said half baked no matter what the excuse is. N-Central with its AV Defender integration has it in the policy to be able to do exclusions/white list and more so it would be just an excuse.

Clearly its not a full native AV option if only thing you can control in Syncro is install/License and schedule a scan without having to enable external portal and then jump through hoops to set that up for each customer.

SyncroMSP and Emsisoft are two completely different companies. Emsisoft is just one of the integrations that SyncroMSP has available. They also have Bitdefender (which is the full version not the chopped version that SW-AVD is. Emsisoft includes that same functionality as they utilize the same BD kit as their second AV scanner engine.), Webroot and Huntress integrations available which are both completely separate companies. The integrations are good for the basics but none of them are as powerful as the vendor’s portals. We have all four of these setups. Nothing but an extra tab open on the browser.

Emsisoft is not just another Tab, it has that stupid token requirement for each customer to be scripted for licensing.

BitDefender looks to be a much better integration. Will look at Huntress and see how that one works. I just need a cookie cutter integration for the simple clients that are very basic. S1 will probably be the solution I go with for the more complex or higher security need clients. And with Pax8 at least the billing will be integrated just not the policies and deployment which is fine for the higher tier clients.

S1 through Pax8 gets billed to your account, not the customers, so no syncing to invoices. The only thing, for us, that’s actually segregated by customer right now are M365 license, everything else is lumped under our account.

Hmm, I will have to look at that today. I have a meeting at 2pm with my Pax8 security rep. If it at least is broken down in Pax8 to my individual clients and how many licenses each I can make that work.

Or can always have them direct bill clients for the 5% fee if I get a large number on S1 and it’s a waste of time reconciling licenses for billing

It’s not, it’s all lumped on you and the invoice doesn’t differentiate either.

In Syncro you just assign Emsisoft to push to a machine. After that, it creates a license key for that customer. Then in the Emsisoft console, you create a workspace for that customer using that license key. It will then generate a token for that workspace/customer. I then use the following script and have it automatically push on every policy that I push Emsisoft with.

$ScriptName = "Emsisoft - Defined Customer Token"

Import-Module $env:SyncroModule -WarningAction SilentlyContinue

$Today = Get-Date -Format "yyyy-MM-dd HH_mm_ss"
$AssetName = $env:COMPUTERNAME

if ($Ticket -eq "") {
    Write-Host "Beginning [$ScriptName] script, ran by [$Tech] at [$Today]."
} else {
    Write-Host "Beginning [$ScriptName] script, ran by [$Tech] for [$Ticket] at [$Today]."
}

# Variables here need a value or to be commented out ===========================

$LogActivityEventName = "Emsisoft"
$LogActivityMessage = "Set Emsisoft token for [$CustomerName]"
$Billable =    # Leave blank but enabled if not used.  If using as a declared variable, comment out entirely.
#$BillableTime = 
#$TicketTimerEntryNotes = 
$TicketCommentSubject = "Emsisoft"
$TicketCommentBody = "[$AssetName]: Set Emsisoft token for [$CustomerName]."

# End of variable declaration ==================================================
# Actual Script Begin ==========================================================

if ($CustomerID -eq '123456789') {                         # Check for Customer1
    $authToken = "01234567-1234-1234-1234-123456789012"
} elseif ($CustomerID -eq '2345678901') {                   # Check for Customer2
    $authToken = "98765432-4321-4321-4321-210987654321"
} else {
    Write-Host "AUTH TOKEN IS NULL!  Exiting [$ScriptName]."
		Exit 1
}

if ($authtoken -ne $null) {
    start-process -filepath "$env:programfiles\Emsisoft Anti-Malware\a2start.exe" -argumentlist "/applytoken=$authToken"
    Write-Host "Auth Token found and applied for [$CustomerName]."
} else {
    Write-Host "AUTH TOKEN IS NULL!  Exiting [$ScriptName]."
		Exit 1
}

# Actual Script End ============================================================

#Ticket & Log-Activity notations - Ticket notations only work if the asset is on the ticket.
if ($Ticket -ne $Null) {
    if ($Ticket -eq "") {
        Write-Host "Ticket number not provided."
    } else {
        Write-Host "Adding Ticket info notations."
        if ($Billable -eq "Yes") {
            Write-Host "Adding billable time log entry"
            $StartAt = (Get-Date).AddMinutes(-$BillableTime).toString("o")
            Create-Syncro-Ticket-TimerEntry -TicketIdOrNumber $Ticket -StartTime $StartAt -DurationMinutes $BillableTime -Notes "$TicketTimerEntryNotes" -UserIdOrEmail "$Tech" -ChargeTime $True
        }
        Create-Syncro-Ticket-Comment -TicketIdOrNumber $Ticket -Subject "$TicketCommentSubject" -Body "$TicketCommentBody" -Hidden $True -DoNotEmail $True
        Log-Activity -EventName "$LogActivityEventName" -Message "$LogActivityMessage for [$Ticket]"
    }
} else {
    Log-Activity -EventName "$LogActivityEventName" -Message "$LogActivityMessage"
}

Write-Host "Script completed."

Variables defined:

  • Ticket - runtime (can be omitted, only needed if you desire it to be noted on the ticket. also, the asset has to be attached to the ticket)
  • Tech - platform - {account_tech} (note, I am unsure if this is working as expected)
  • CustomerName - platform - {{customer_name_label}}
  • CustomerID - platform - {{customer_id}}

Note, this is longer because I use a standardized format for all my scripts. You could just use:

if ($CustomerID -eq '123456789') {                         # Check for Customer1
    $authToken = "01234567-1234-1234-1234-123456789012"
} elseif ($CustomerID -eq '2345678901') {                   # Check for Customer2
    $authToken = "98765432-4321-4321-4321-210987654321"
} else {
    Write-Host "AUTH TOKEN NOT FOUND!  Exiting."
    Exit 1
}

if ($authtoken -ne $null) {
    start-process -filepath "$env:programfiles\Emsisoft Anti-Malware\a2start.exe" -argumentlist "/applytoken=$authToken"
    Write-Host "Auth Token found and applied for [$CustomerName]."
} else {
    Write-Host "AUTH TOKEN IS NULL!  Exiting script."
		Exit 1
}

For both, put in the customer ID for your customer that you want to check and the associated authtoken for it. So, when you add a new workspace, update this script with a new elseif accordingly.

I hope this helps.

Hi @joe5

To echo what is said in the thread - The way to add exclusions is to use the Emsisoft cloud console. Syncro’s policy editor is limited in nature but once you sign up for Emsisoft cloud console, which is included with your license cost of Emsisoft, you will be able to have full control over exclusions.

Here is a great article by Emsisoft that covers exactly how to add a .exe to the exceptions list: https://helpdesk.emsisoft.com/en-us/article/114-how-do-i-exclude-a-program-from-an-emsisoft-product