It would be great to have an "baseline" feature so that everything is scanned at the time of the malware enablement is considered safe. Or something along those lines.
My "fix":
This can definitely be refined much more and automated even more, but what I do is have the script search the log file of "detected" malware, and then export it to a txt file with some modifications so that I just copy and paste it into the XML I then use to re-import it back into the exclusion list. Get it?
(Yes, that whole copy and paste part could be scripted as well).Janky? Probably. Helpful? Yeah. After some time I can stop doing this and monitor for any changes or tweak as needed.
Requirement: Export the XML exception list that you have so you have a baseline XML to work with.
# Define the input file and output file
$inputFilePath = "C:\Setup\PSScripts\suspicious.log" # Path to your input file
$outputFilePath = "C:\Setup\PSScripts\suspiciousXml.txt" # Path to the output file
# Define the regex pattern to match the lines
$pattern = '(?<=\b[a-zA-Z0-9\-]+:\w+-\w+-\w+-\w+-\w+):(.+)'
# Read the content of the input file
$content = Get-Content -Path $inputFilePath
# Initialize an array to hold formatted paths
$formattedPaths = @()
# Use regex to match and extract the file path after the UUID
$content | ForEach-Object {
if ($_ -match $pattern) {
# The file path is captured in the first group of the match (.*)
$filePath = $matches[1]
$filePath
# Format the file path in the required XML-like structure
$formattedPaths += " <Item Type=""Absolute"">$filePath</Item>"
}
}
# Write the formatted paths to the output file
$formattedPaths | Set-Content -Path $outputFilePath
# Optional: Output to the console for confirmation
Write-Host "Formatted file paths have been saved to: $outputFilePath"