cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Removal of MS exclusions in ENS policies (Let McAfee Decide) - guidance required on stakeholder mgmt

Jump to solution

Hi,

I have read around the new AMCore model and Let McAfee Decide.  We are currently migrating from VSE to ENS, and there are a large number of application owners who have had critical issues in the past because of confusion around exclusions.  My main issue is that we need to be up front about what we are doing, and this is "removing the current MS exclusions you have as ENS will handle it".  In that respect, can I confirm:

- When using 'Let McAfee Decide' option is there any negative performance (or other) impact in leaving the currently configured MS exclusions (in VSE) in the migrated ENS policies.
- When using 'Let McAfee Decide' option, is it the case that we dont need any exclusions specifically highlighted in all of the exclusions documents [1], or that we dont need *any* MS exclusions (if the latter, does this rely on signed files)

I am looking to use the Let McAfee Decide option, and also remove current MS exclusions that are no longer required in ENS - while we go through formal testing, however - if any issues are experienced (either rightly or wrongly attributed to migration to ENS), the fallout could potentially be huge if the key stakeholders attribute this (rightly or wrongly) to the removal of these exclusions.

This isnt about confidence in the product, it is about stakeholder management.  And these stakeholders are responsible for mission-critical systems.

Any thoughts or guidance on this greatly appreciated.

Many thanks,

 

[1] https://kc.mcafee.com/corporate/index?page=content&id=KB66909

1 Solution

Accepted Solutions
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Removal of MS exclusions in ENS policies (Let McAfee Decide) - guidance required on stakeholder

Jump to solution

Correct, the exclusions mentioned in KB66909 are all included in the ENS scan avoidance. So it you use Let McAfee Decide the scan avoidance will come into play and the inbuilt exclusion set will be used. Scan avoidance is safer than setting exclusions because the integrated exclusions are more restrictive whilst still excluding the necessary actions to avoid an impact on the third party application / performance.

In case you didn't see, linked to the mentioned KB is the following document on scan avoidance: https://community.mcafee.com/t5/Documents/Explanation-of-AMCore-Trust-Model-v1p3-pdf/ta-p/550630

I have worked with many large customers who trust in this scan model and who have removed most of their exclusions they had in VSE based on the above article. 

If you leave the exclusions in place, you may experience some negative performance impacts as the more exclusions you have, the longer the list is for the scanner to check every time it performs any scan action. If you are using Let McAfee Decide, we encourage you to remove the manual exclusions you have for those apps.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
3 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Removal of MS exclusions in ENS policies (Let McAfee Decide) - guidance required on stakeholder

Jump to solution

Correct, the exclusions mentioned in KB66909 are all included in the ENS scan avoidance. So it you use Let McAfee Decide the scan avoidance will come into play and the inbuilt exclusion set will be used. Scan avoidance is safer than setting exclusions because the integrated exclusions are more restrictive whilst still excluding the necessary actions to avoid an impact on the third party application / performance.

In case you didn't see, linked to the mentioned KB is the following document on scan avoidance: https://community.mcafee.com/t5/Documents/Explanation-of-AMCore-Trust-Model-v1p3-pdf/ta-p/550630

I have worked with many large customers who trust in this scan model and who have removed most of their exclusions they had in VSE based on the above article. 

If you leave the exclusions in place, you may experience some negative performance impacts as the more exclusions you have, the longer the list is for the scanner to check every time it performs any scan action. If you are using Let McAfee Decide, we encourage you to remove the manual exclusions you have for those apps.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Removal of MS exclusions in ENS policies (Let McAfee Decide) - guidance required on stakeholder

Jump to solution

Thanks Chealey,

Understood regards the exclusions listed.

Just to confirm and close out - if there is an MS exclusion configured, and it is *not* listed in the KB66909 article (and related articles), I should leave those configured, correct?

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Removal of MS exclusions in ENS policies (Let McAfee Decide) - guidance required on stakeholder

Jump to solution

Correct 🙂

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community