cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Exclusions behavior

Jump to solution

What will be the expected behavior if I add the lists of paths and their subdirectories to the Low-Risk profile without actually adding a particular .exe file?

My somewhat educated guess will be that any .exe file writing/reading from those paths won't get scanned.

Am I correct?

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: Exclusions behavior

Jump to solution

Add the lists of paths and their subdirectories to other two tabs(Standard & High Risk) as well to exclude scanning when any .exe file writing/reading from those paths.

View solution in original post

4 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Exclusions behavior

Jump to solution

Hi @chelo83 ,

The standard/high/low risk OAS profiles are essentially "Buckets" for defining what behavior the scanner will take when observing activity based on that process' status as a defined high/low risk process or undefined as a standard process.

If you define "process.exe" as a low risk process, it will then follow the settings you've configured in the Low Risk tab of your policy. If this is set to not scan, then the process' activity will not be scanned. If you define it as a High Risk process, then it will scan following the configuration within your High Risk tab, and will not honor the exclusions you've configured in your Standard tab.

That all being said - Unless a process is specifically defined as a low risk process, it will not behave as a low risk process. Only executables can be added as low risk processes, files/directories on the disk cannot be added and have the processes accessing those locations fall under "low risk" as a result.

Let me know if that makes sense, or if you have any further questions on the subject.

Thank you,

Thank you,
Mitchell Buehler

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: Exclusions behavior

Jump to solution

Kindly look at the below article. It might help.

https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Exclusions behavior

Jump to solution

The scenario you described will not render any use. Since no processes are classified under low risk process and only files/folders exclusions you have added, when these files/folders are accessed scan will occur according to settings of Standard and High Risk settings. This is because High risk setting will apply for processes under High Risk accessing any files under these lists of paths and their sub-directories. Standard settings will apply for processes not classified as High Risk or Low Risk.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: Exclusions behavior

Jump to solution

Add the lists of paths and their subdirectories to other two tabs(Standard & High Risk) as well to exclude scanning when any .exe file writing/reading from those paths.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community