cancel
Showing results for 
Search instead for 
Did you mean: 

MOVE Agentless For Exchange 2013

Hi Guys,

Has anyone deployed MOVE Agentless in an environment where you're running Exchange 2013. I've deployed MOVE and now I want to deploy it on ESXi host where I have Exchange 2013 running without any Anti-Virus.

Do I need to add Exchange Exclusions in MOVE AV Scan Policies in ePO for SVA?

Regards,

MQ

9 Replies
Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 2 of 10

Re: MOVE Agentless For Exchange 2013

Hi,

yes, AV exclusions for Exchange 2013 are absolutely important. Otherwise the performance breaks down completely.

There is a Microsoft Knowledgebase Article available where you can take a look at the recommended AV exclusions.

http://technet.microsoft.com/en-us/library/bb332342%28v=exchg.150%29.aspx

After activation take a look at the load of SVA or scantimeout events on EPO. If the exclusions are configured in the right way, there should be no problem.

Cheers

Highlighted

Re: MOVE Agentless For Exchange 2013

Thanks for the quick reply. I'll configure it and will update how it went.

Cheers

Re: MOVE Agentless For Exchange 2013

Hi Troja/Mobin,

I am in the process of configuring SCAN and SVA Policy, and just trying
consolidating all the exclusions for Database/Exchange/Domino/VDI/XEN/Domain
controllers/Application servers.

Could you please suggest what will be best practices or best solutions to
deal with below two-

To put all the exclusions together and use default policy

or need to have separate scan policy according to server infra.

SCAN Policy.JPG

Thanks

Pankaj BM

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 5 of 10

Re: MOVE Agentless For Exchange 2013

Hi Pankajbm,

it depends, because process exclusions are not possible if using Move agentless with vShield

Normally we try to figure out if the installed systems at the customer are all installed in the same way or not. This means, e.g. is there always the same directory used for exchange installation or not?

If there to many different installation paths we are splitting the policy for any kind of server (DC, SQL, MXS) and so on. If the systems are installed in the same way we try to manage any exclusion with one policy.

Cheers

Re: MOVE Agentless For Exchange 2013

Thanks Troja for your reply

if all our systems not installed in the same way(not same directory) then we
need to have separate policy- is it right?

In my case there probably different drive installation been used based on
server role.

I think best option would be creating separate policy according to server
role(DC,SQL,Oracle,MSX) but again this have to perform carefully by considering
policy assignment.

Thanks

Pankaj BM

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 7 of 10

Re: MOVE Agentless For Exchange 2013

Hi,

there are many different ways to meet your requirements. I just try to make not too many exclusions in one policy.

If there are so may different systems different policies make sense.

Optional, if you have several different systems take a look at the "per VM policy" in vhshield. 🙂

Cheers

Re: MOVE Agentless For Exchange 2013

Thank you Troja!! its a great help

Re: MOVE Agentless For Exchange 2013

Hi Guys,

Sorry I am jumping back on this discussion

As you aware there is group shield product is being used for exchange, so if we move our exchange on agentless solution.

Then the question will raise whether agentless will completely replace Groupshield, becouse GS has its lot of settings and configurations in terms of exchange policies.

Now, McAfee also replaced GS with MSME.

has someone implemented Agentless for exchange in their environment?

Thanks

PankajBM

Reliable Contributor Troja
Reliable Contributor
Report Inappropriate Content
Message 10 of 10

Re: MOVE Agentless For Exchange 2013

Hi,

no, Move Agentless and GSE are two completely different products and approcaches.

In your case.

- Move Agentless is scanning any file on the virtual disk (instead of VSE)

- GSE is only for scanning e-mail content within MXS server. If you install the McAfee Agent you can manage GSE with EPO.

Cheers

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator