SetupHost.exe (Windows Update) definition as low Risk process recommend?


Hello together,

When updating our W10-Clients to 1809 we encountered massive CPU-Usage caused by ENS 10.6.1 scanning the setupHost.exe. For testing we defined the setupHost.exe as a low risk process in the OnAccessScanner policy. This worked well to reduce the CPU utilisation and made the update process much faster. Should we take this setting in production or is this not recommended?

What is your opinion or suggestion?

 

greets,

Joerg

1 Solution

Accepted Solutions
McAfee Employee jess_arman
Message 3 of 3

Re: SetupHost.exe (Windows Update) definition as low Risk process recommend?


@JoergAulenbach Personally, I would say no, it would not likely be an advisable exclusion to have always implemented into production as it's a generic name and a potentially exploitable process. If the exclusion were something to be added in a special policy set that only gets applied when scheduled Windows Updates are going to be run... that would be much more reasonable. It would also need to be a process exclusion which calls out the full expected path location in efforts to be the "most secure". Fewer exclusions is always better, so implementing it only when needed fits that idealism.

Opinions aside, chealey is correct in her recommendations that we defer to the vendor recommended exclusions as they will know what is best for allowing their software to run efficiently in the presence of AV---the only "McAfee recommended" settings are what is included in "McAfee Default" policy. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
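
The difference between a name-only process exclusion and one that calls out the full expected path, as raised in the reply above, shown as an added example that is not part of the original post. It is a simplified matcher, not ENS's own evaluation logic; `EXPECTED_PATH` is a placeholder and the image paths are constructed.

```python
import ntpath

# Placeholder: substitute the full path your vendor documents (not from the thread).
EXPECTED_PATH = r"C:\<expected-update-dir>\SetupHost.exe"

# Constructed sample of running process image paths.
SAMPLE_IMAGES = [
    EXPECTED_PATH,
    r"C:\Users\Public\Downloads\setuphost.exe",  # same file name, different directory
    r"C:\Windows\System32\svchost.exe",
]

def norm(path):
    """Normalise a Windows path: case-insensitive, separators collapsed."""
    return ntpath.normcase(ntpath.normpath(path))

def is_name_only(entry):
    """True when an exclusion entry has no directory component."""
    return ntpath.dirname(entry) == ""

def matches(entry, image_path):
    """Assumed matching rule: name-only entries compare file names,
    full-path entries compare the whole normalised path."""
    if is_name_only(entry):
        return norm(ntpath.basename(image_path)) == norm(entry)
    return norm(image_path) == norm(entry)

def audit(entries, image_paths):
    """Map each exclusion entry to the images it would exempt from scanning."""
    return {e: [p for p in image_paths if matches(e, p)] for e in entries}

if __name__ == "__main__":
    for entry, exempt in audit(["SetupHost.exe", EXPECTED_PATH], SAMPLE_IMAGES).items():
        kind = "name-only" if is_name_only(entry) else "full-path"
        print(f"{kind:9} {entry!r} exempts {len(exempt)} image(s):")
        for p in exempt:
            print("   ", p)
```

Running the audit over a policy export before it goes to production makes every name-only entry visible alongside the images it would cover.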

2 Replies
McAfee Employee chealey
Message 2 of 3

Re: SetupHost.exe (Windows Update) definition as low Risk process recommend?


Recommendations for 3rd party software should always come from the vendor of the application. We would be unable to advise if it is safe to exclude this process or not. In this case you'd be looking at MS recommended exclusions. As far as I'm aware this isn't one of their usual recommended exclusions so you'd need to contact them to get a recommendation.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?