cancel
Showing results for 
Search instead for 
Did you mean: 

How can we exclude some servers from Agentless Policies/Scanning?

/P         
Hi Guys,

I need to exclude some virtual servers from agentless policy/scan. I dont want Agentless SCAN/SVA policy to be applied on some servers in my Vmware Infra.

Just to let you know I have all VM's updated with vShield Drivers(Vmtool).

Is there any way we can implement this?

Any comment will be highly apprieciated.

Thanks in advance!!

Regards,

Pankaj BM

9 Replies
rajinp McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

Do you want to exclude servers itself from scanning ?

Re: How can we exclude some servers from Agentless Policies/Scanning?

Hi,

Yes!! I am planning to have VSE on some SQL/Exchage Servers, and dont want Agentless SCAN policy on these servers.

If both product will scan servers then we may face some critical performance issues.

Regards,

Pankaj BM

rajinp McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

Ok got it. you have to just uninstall vsepflt driver from these systems.

Re: How can we exclude some servers from Agentless Policies/Scanning?

Thank you Rajinp

Is there anything that can be done from EPO?

Regards,

Pankaj BM

Troja Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

Have you tested vm-based scan configuration??

3.6.0: MOVE AV Agentless -> Scan Settings -> VM-based scan configuration: Enabled.

Just build a Scan policy for a host where scanning is disabled.

I have not tested it, but perhaps it works.

If it works, please let us know.

Cheers

rajinp McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

The PPVM feature is for Agentless. If you start using this feature for running VSE, will be very confusing later. So better would be to unnistall the vsepflt driver.

rajinp McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

No way from ePO.

Troja Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

@rajinp,

if Move Agentless is in place we just have two options.

-removing the VMCI Drivers from the VmWare Tools.

- Disabling SVA scanning on SVA

There is no McAfee product installed on the endpoint when using vShield endpoint, therefore the only option is to disable scanning for a virtual system on SVA. If this works, from my side, anything could be managed by EPO.

Highlighted
rajinp McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 10

Re: How can we exclude some servers from Agentless Policies/Scanning?

I did mention to remove the vsepflt driver so that you can remove the delay in scanning when you have 2 drivers - one from vmware and one by VSE. If that is ok, then go by your approach.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community