cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Galaxis
Level 9
Report Inappropriate Content
Message 1 of 4

Scan Exclusions: Determine Number of Excluded Files.

Jump to solution

Hello, when executing an On-Demand Scan (ODS) scan that has a folder exclusion specified in "Exclusions" sect, trying to determine if there's a log or report that tells me how many files were excluded in that scan - initiated both via:

  • Sending a "run" cmd for a client task from ePo admin console to a managed endpoint, or
  • Running a "Scan System" in the client ENS tool directly on the endpoint itself.

I looked in the McAfee ODS log and it shoots a summary; I know one scan type above is tasked-based, the other policy-based, but seem to produce the same summary, like:

Files scanned : 248929
Files with detections : 0
Files cleaned : 0
Files deleted : 0
Files not scanned : 0
Registry objects scanned: 0
Registry detections : 0
Registry objects cleaned: 0
Registry objects deleted: 0
Run time : 0:04:25
Scan completed <srvr> Full Scan (0:04:25)

"Files Not Scanned" for example, doesn't seem to be what we're looking for (not for exclusions).  We did notice however, that "Files Scanned" was a smaller number when an exclusion was specified, reduced by the number of files in the excluded folder.  We're trying to test whether the exclusions are working, and so far, we've had to do math: count the files in the folder being excluded, run baseline scan get initial count returned, apply the folder exclusion, do another scan and see whether that final count = original scan - files in excluded folder.

Thx!

1 Solution

Accepted Solutions
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Scan Exclusions: Determine Number of Excluded Files.

Jump to solution

Hi @Galaxis,

Thank you for your post.

The Files not scanned attribute does work to show up exclusion, however in an ideal scenario, we would expect only excluded files count to show up there and in a a situation where File scan failures may also contribute to the count, the numbers may vary.

Having said that, The number of Files scanned part is a bit tricky. It does not necessarily point to just an individual file. If an xls file, contains an embedded script in it, we are looking at 2 files scanned (the xls file and the embedded, let's say, a .js file in it!) when only one file is scanned the first time.

However, the option where Scan cache is enabled, the immediate scan you run on the same folder would return only one file, as the object with in it being scanned as the file itself should have a cached entry within our product.

If files not scanned do not show up a count of files when you run an ODS with exclusions in it, I would recommend having a Support ticket created for investigation.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

3 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Scan Exclusions: Determine Number of Excluded Files.

Jump to solution

Hi @Galaxis,

Thank you for your post.

The Files not scanned attribute does work to show up exclusion, however in an ideal scenario, we would expect only excluded files count to show up there and in a a situation where File scan failures may also contribute to the count, the numbers may vary.

Having said that, The number of Files scanned part is a bit tricky. It does not necessarily point to just an individual file. If an xls file, contains an embedded script in it, we are looking at 2 files scanned (the xls file and the embedded, let's say, a .js file in it!) when only one file is scanned the first time.

However, the option where Scan cache is enabled, the immediate scan you run on the same folder would return only one file, as the object with in it being scanned as the file itself should have a cached entry within our product.

If files not scanned do not show up a count of files when you run an ODS with exclusions in it, I would recommend having a Support ticket created for investigation.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

Galaxis
Level 9
Report Inappropriate Content
Message 3 of 4

Re: Scan Exclusions: Determine Number of Excluded Files.

Jump to solution

Hello @AdithyanT, the for the info, good to know.  Looks like we'll need to open a ticket; not only do we not see excluded files there, the only time we ever see anything in "Files not scanned" is when we do a "Right-click" ODS scan - and then the count is always in that field, exclusion or not.

Reading some other Support forum posts, seems like "File not scanned" is unrelated to the cache; the user had that feature turned off and still had a significant count there.  Is there a way to clear that cache say, for testing purposes?  We want the setting enabled in production, but would like the testers to be able to clear the cache in our in-house envs, to produce consistent test results on reruns.

Thx!

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Scan Exclusions: Determine Number of Excluded Files.

Jump to solution

Hi @Galaxis,

Thank you or your prompt response.

Excellent points there! It would be definitely something we would have validated via our Engineering team internally via the Service Request. However, Based on my testing with the Scan cache on Full scan performed on a locally configured scan on Endpoint Client UI, I can confirm that turning on and turning off cache (toggling cache settings) seemingly clears off the cache results thereby warranting a scan again on the files I scan using a locally created Full Scan.

Also, I can confirm that having cache turned OFF should result in higher count under Files scanned (as we don't skip the Files and it's embedded objects!) while having Cache ON, would result in cached files/objects skipped resulting a lesser count. Honestly, This is one of those things that would require an official explanation from the designers just to be sure and hence a Service Request would clarify these for us.

Apologies if My testing and results have not been entirely helpful to you here.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community