VSE ODS scan exclusions /scan set up


Hi experts 

Do we have any specific ODS scan setting for SQL servers? Let me know if any KB is available.

Does McAfee scan ldf/MDF/NDF files during the ODS scan? 

Do we need to add any exclusion for MDF/LDF files in ODS exclusions? 

Is it recommended to uncheck the scan archive files option in ODS task? 

In our environment we are scanning a lot of large zip files during the ODS and it is taking a long time to complete. VSE 8.8 patch 9/P11/P13 are installed.

Appreciate your help.

Thanks 

Dileep 

On demand scan #virus scan 

 

Accepted Solutions
McAfee Employee AdithyanT

Re: VSE ODS scan exclusions /scan set up


Hi @dileepvn 

Thank you for your post. Let me try answering your questions here.

First: 

Do we have any specific ODS scan setting for SQL servers? Let me know if any KB available ? 

Does McAfee scan ldf/MDF/NDF files during the ODS scan? 

Do we need to add any exclusion for MDF/LDF files in ODS exclusions? 


Since SQL is managed by Microsoft, exclusions to AV are also recommended by Microsoft. Meaning, we from McAfee would not recommend creating exclusions for anything unless support faces an explicit requirement to do so from the customer. Hence we would always go with the vendor and assist you with adding the exclusions. I am sure you would find this KBA useful in understanding the exclusions we can add for SQL servers.

In short, we do not decide "What to add". We only show "how to add" the exclusions using our product.

Here is Microsoft's recommendations for your kind reference.

 

Moving on to the second part of the question:

Is it recommended to uncheck the scan archive files option in ODS task? 

in our environment we ODS scanning lot of large zip files during the ODS and taking long time to complete. VSE 8.8 patch  9/ P11/P13 are  installed. 


These are excellent questions TBH. Scanning of archives will definitely consume more time than normal. Un-checking archive scan is not a recommendation per se, but it is more fun to understand the logic behind archive scan and to make an informed decision of whether to enable it or not.

Directly quoting from this KBA:

Scanning an archive file type requires the product feature setting for Archive scanning to be enabled. If enabled, this flag is included in the scan request when telling the scan engine to scan the file object. If it is not enabled, the file object is still scanned, but not its contents.

NOTES:

  • When the Archive scanning option is enabled, archive files are scanned 'in memory' by the scan engine (nothing is written to disk).
  • Scanning of the archive file when Archive scanning is not enabled, can result in a detection. In that scenario the 'wrapper' for the archive is what is scanned and determined infected, not the contents. The contents would still require scanning to verify that the contents are clean.
  • Contents of archives are scanned by the real-time scanner when they are extracted to disk.

 

Going by the above logic, archive files are eventually required to be extracted before the actual files are used, and the extraction process will involve writing the files to the disk from the archived location and also reading the files from the archive itself.

Hence we are looking at an "access" operation, which should definitely be taken care of by the "on-access" scanning feature. This is again well explained here.

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
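
Added example (not part of the original thread and not McAfee code): one way to measure how much data the large ZIP files mentioned in the question hold once unpacked, which is the extra work an on-demand scan takes on when archive scanning is enabled instead of scanning only the archive wrapper. The function names and the list of nested-archive extensions are assumptions, and the sample archive is constructed.

```python
import io
import os
import tempfile
import zipfile

NESTED_EXT = (".zip", ".jar", ".war")  # assumption: extensions counted as nested archives


def profile_zip(path):
    """Return size and member statistics for one ZIP without extracting it."""
    with zipfile.ZipFile(path) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        return {
            "path": path,
            "on_disk": os.path.getsize(path),                 # bytes read for a wrapper-only scan
            "unpacked": sum(i.file_size for i in members),    # bytes unpacked if contents are scanned
            "members": len(members),
            "nested": sum(i.filename.lower().endswith(NESTED_EXT) for i in members),
        }


def inventory(root):
    """Profile every readable ZIP under root, largest unpacked payload first."""
    rows = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if zipfile.is_zipfile(full):
                    rows.append(profile_zip(full))
            except (zipfile.BadZipFile, OSError):
                pass  # damaged or locked archive: skip it and keep walking
    return sorted(rows, key=lambda r: r["unpacked"], reverse=True)


def build_sample(root):
    """Constructed sample data: a compressible archive that also holds a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("inner.txt", "x")
    with zipfile.ZipFile(os.path.join(root, "backup.zip"), "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("logs/app.log", "A" * 200_000)
        zf.writestr("bundle/nested.zip", inner.getvalue())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*inventory(tmp), sep="\n")
```

Archives at the top of the list, and those with a non-zero `nested` count, are the ones that dominate scan time and are worth weighing when deciding whether the ODS task or the on-access scanner should cover their contents.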
Re: VSE ODS scan exclusions /scan set up


Thanks @AdithyanT 
