cancel
Showing results for 
Search instead for 
Did you mean: 

SetupHost.exe (Windows Update) definition as low Risk process recommend?

Jump to solution

Hello together,

when updating our  W10-Clients to 1809 we encounterd massive CPU-Usage caused by ENS 10.6.1 scanning the setupHost.exe. For testing we definded the setupHost.exe as a low risk process in the OnAccessScanner policy. This worked well to reduce the CPU utilisation and made the update process much faster. Should we take this setting in production or is this not recommended?

What is your opinion or suggestion?

 

greets,

Joerg

1 Solution

Accepted Solutions
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: SetupHost.exe (Windows Update) definition as low Risk process recommend?

Jump to solution

@JoergAulenbach Personally, I would say no, it would not likely be an advisable exclusion to have always implemented into production as it's a generic name and a potentially exploitable process. If the exclusion were something to be added in a special policy set that only gets applied when scheduled Windows Updates are going to be run....that would be much more reasonable. It would also need to be a process exclusion which calls out the full expected path location in efforts to be the "most secure". Less exclusions is always better, so implementing it only when needed fits that idealism.

Opinions aside, chealey is correct in her recommendations that we defer to the vendor recommended exclusions as they will know what is best for allowing their software to run efficiently in the presence of AV---the only "McAfee recommended" settings are what is included in "McAfee Default" policy. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

2 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: SetupHost.exe (Windows Update) definition as low Risk process recommend?

Jump to solution

Recommendations for 3rd party software should always come from the vendor of the application. We would be unable to advise if it is safe to exclude this process or not. In this case you'd be looking at MS recommended exclusions. As far as I'm aware this isn't one of their usual recommended exclusions so you'd need to contact them to get a recommendation.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: SetupHost.exe (Windows Update) definition as low Risk process recommend?

Jump to solution

@JoergAulenbach Personally, I would say no, it would not likely be an advisable exclusion to have always implemented into production as it's a generic name and a potentially exploitable process. If the exclusion were something to be added in a special policy set that only gets applied when scheduled Windows Updates are going to be run....that would be much more reasonable. It would also need to be a process exclusion which calls out the full expected path location in efforts to be the "most secure". Less exclusions is always better, so implementing it only when needed fits that idealism.

Opinions aside, chealey is correct in her recommendations that we defer to the vendor recommended exclusions as they will know what is best for allowing their software to run efficiently in the presence of AV---the only "McAfee recommended" settings are what is included in "McAfee Default" policy. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community