cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ENS for Mac exclusions for Time Machine

Hi! I have a suspicion that ENS for Mac is causing performance problems on my Macbook when the Time Maschine backup process is active. What do you think would be the best way to exclude such a backup process in Mac environment from OAS scanning? So far I see no good solution as ENS policies do not allow adding low risk processes for Mac Systems. That you in advance for any suggestions on that matter!

5 Replies
McAfee Employee parul1234
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: ENS for Mac exclusions for Time Machine

Hi,

Thank you for your question.

I would recommend if you are using 10.6.x version of ENSM , there is a very nice feature which is added.

The feature is "KEXT-LESS" mode., which which not allow kernel level scanning.You can refer below KB Article for the detail about KEXT LESS mode deployment.

https://kc.mcafee.com/corporate/index?page=content&id=KB91337

Also I would recommend to add exclusion based on the file extensions and .log files involved for backup, here you are correct there is no low risk exclusion setting for MAC but you can select scan settings only when write instead of read and write both.

https://kc.mcafee.com/corporate/index?page=content&id=KB68562

Also it is recommended to always be on the latest ENSM version.

I hope above steps will help you to reduce performance impact.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks

Re: ENS for Mac exclusions for Time Machine

Is KEXT-LESS mode the new workaround or the fix for ongoing performance issues with ENSM?  I have an SR open and this was given as a workaround. 

Are there any security risks to setting ENSM to KEXT-LESS mode? 

When following the steps in KB91337 does it also set ATP to KEXT-LESS mode or is there another step?

McAfee Employee parul1234
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: ENS for Mac exclusions for Time Machine

Hi,

Thanks for update.

Yeah, you can consider this is new feature which has been introduced with 10.6.x version of ENSM  to reduce performance impact.

The security risk of going kextless is minimum, we have comparison on kext mode and kextless mode in the product guide of 10.6.0 page 31 "Differences in Threat Prevention functionality with kernel and kernel-less mode" 
 
If performance is a concern , going kextless would be suggested. 
 
Thanks

Re: ENS for Mac exclusions for Time Machine

Thank you for the additional info.  Can you speak to my question regarding ATP and kextless mode?

McAfee Employee parul1234
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: ENS for Mac exclusions for Time Machine

Hi ,

If you are changing the mode from ePO using mentioned KB , it will move ATP as well in KEXT LESS mode.

If you are using standalone machine then you can use below Article to move every component is KEXT LESS mode- 

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-installation-guide-macOS/page/GUID-74D9510B-...

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks

Parul

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community