cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 16

Re: AMSI & exclusion lists

Jump to solution

Hi @gene0915 

AMSI scanning uses the Actions and Exclusions specified for Standard process types in the Process Settings section of the On-Access Scan settings. Therefore if something is excluded here, AMSI should not be scanning it either. If you are seeing that, it would be a problem and would need to be investigated.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: AMSI & exclusion lists

Jump to solution

I have an SR open for this. The directory in question has indeed been added to the 'Standard' section for the OAS to exclude yet AMSI is still intercepting things, thus severely slowing down the scripts.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 16

Re: AMSI & exclusion lists

Jump to solution

Would you mind sending me the SR number via private message, I would very much like to look into this.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: AMSI & exclusion lists

Jump to solution

Private message sent.

Something else I just thought of.... maybe we'll need to add some more directory exclusions?! Maybe the one that was added just wasn't enough? Our scripting people said that the dir they gave us was the one they use so who knows.

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 16

Re: AMSI & exclusion lists

Jump to solution

Thanks for sharing the SR. I've taken a look and can see you mentioned that these are fileless files still being scanned. In which case - as you seem to have already found yourself - the exclusions would not be valid.

AMSI excludes most files that are excluded as per OAS policy however some scripts i.e. fileless ones are not excluded from AMSI. You could submit a PER for the same however I can confirm this is as designed to ensure your systems remain protected. I do however understand the problem you are facing will be quite difficult to overcome - it may be something you need to look at with your team and change the way they achieve the intended goal.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: AMSI & exclusion lists

Jump to solution

Not sure what can be done to address this but yes, I'll probably open up a PER.

 

Thanks

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community