cancel
Showing results for 
Search instead for 
Did you mean: 
Winston
Level 9
Report Inappropriate Content
Message 1 of 10

McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

I am trying to understand how the "path exclusions" and "process exclusions" in McAfee Move AV [Multi-Platform] works! Is this where I include the vendor recommended AV exclusions?

1 Solution

Accepted Solutions
McAfee Employee dsabulsky
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

Hello Winston:

You asked if "..Is this where I include the vendor recommended AV exclusions?".   The short answer is yes, this is where you would apply your AV exclusions.

I've also supplied the following which should assist you in creating the exclusions for the version of MOVE AV 2.6 that you are using.

McAfee MOVE AV 2.6 Multiplatform Patch 1 does not currently support the use of wildcards.  Please use the following syntax examples to correctly create the exclusions that are needed for your configuration.

McAfee MOVE Antivirus – Path and Process exclusion examples.  

McAfee MOVE 2.5 & 2.6 Agentless does not support the use of wildcards or environment variables.  No wildcarding syntax is allowed. 

The exclusion list is a pattern match, so "\test.docx" excludes any path that includes that string and "\Temp\" excludes any path that includes that string.

NOTE: All sub-folders are also excluded.

Here are some examples:

*NOT* Support syntax

Supported Syntax

**\Temp\**

\Temp\

**\test.docx

\test.docx

%windir%

c:\windows\system32\

\windows\system32\ 

\system32\

*.pdf

.pdf

Please note:  MOVE AV 2.6 Multiplatform Patch 2 will add full VirusScan Enterprise style wildcard exclusion support.  This new feature also includes the ability to export the VirusScan Enterprise exclusion policy and import them directly into the MOVE AV 2.6 Multiplatform policy from the ePO Server.

The Patch 2 update also adds support for ePO 5.0 and the McAfee Agent 4.8.

The MOVE AV 2.6 Multiplatform Patch 2 is expected to be released in Q1-2013 (March).

9 Replies
Highlighted
mbauman8
Level 11
Report Inappropriate Content
Message 2 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

Hi Winston,

I know 2 ways:

1: Exclude files on offloadscanner like normal excludes (OAS - Low/High and Default excludes) --> Exclude there if necessary

2: Exclude of sending files to the Offload scanner. -->  in MOVE AV [Multi-Platform] Client 2.6.0:MOVE AV [Multi-Platform] > General > Policy = in "scan items" (Don`t exclude there)

As Tipp:

Create a scheduled task for a on-demand scan overnight, after the DAT update is released, on the "offload scanner server system". So in the scan cache the system files are allreaddy cached. It makes it much quicker thrue the day.

What else is not clear?

Hope it helps

Martin

Nachricht geändert durch mbauman8 on 20.02.13 13:06:38 CST
Winston
Level 9
Report Inappropriate Content
Message 3 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

I really appreciate the time you took to respond to my questions.  I must admit, I am entirely sure that I fully grasp your recommendations, for example, in 1: "Exclude files on offload scanner like normal exclude". Normal to me means modify the exclusions in the assigned policy groups under "on-access default processes policies". Is this what you are referencing? I was under the impression MOVE exclusions were solely confined to the MOVE AV [Multi-Platform] > General > Scan Items > Path Exclusions & Process Exclusions. You are recommending that we don't use this path, which is different from what I was previously told.

McAfee Employee dsabulsky
McAfee Employee
Report Inappropriate Content
Message 4 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

Hello Winston:

You asked if "..Is this where I include the vendor recommended AV exclusions?".   The short answer is yes, this is where you would apply your AV exclusions.

I've also supplied the following which should assist you in creating the exclusions for the version of MOVE AV 2.6 that you are using.

McAfee MOVE AV 2.6 Multiplatform Patch 1 does not currently support the use of wildcards.  Please use the following syntax examples to correctly create the exclusions that are needed for your configuration.

McAfee MOVE Antivirus – Path and Process exclusion examples.  

McAfee MOVE 2.5 & 2.6 Agentless does not support the use of wildcards or environment variables.  No wildcarding syntax is allowed. 

The exclusion list is a pattern match, so "\test.docx" excludes any path that includes that string and "\Temp\" excludes any path that includes that string.

NOTE: All sub-folders are also excluded.

Here are some examples:

*NOT* Support syntax

Supported Syntax

**\Temp\**

\Temp\

**\test.docx

\test.docx

%windir%

c:\windows\system32\

\windows\system32\ 

\system32\

*.pdf

.pdf

Please note:  MOVE AV 2.6 Multiplatform Patch 2 will add full VirusScan Enterprise style wildcard exclusion support.  This new feature also includes the ability to export the VirusScan Enterprise exclusion policy and import them directly into the MOVE AV 2.6 Multiplatform policy from the ePO Server.

The Patch 2 update also adds support for ePO 5.0 and the McAfee Agent 4.8.

The MOVE AV 2.6 Multiplatform Patch 2 is expected to be released in Q1-2013 (March).

Winston
Level 9
Report Inappropriate Content
Message 5 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

On final thing... is the "\" at the end of the path signicant?

mbauman8
Level 11
Report Inappropriate Content
Message 6 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

I gess it is like on vse:

c:\srv\test will exclude file test

c:\srv\test\ will exclude folder test

without ,\' MOVE translat it as --- > file NOT folder

on 05.03.13 12:15:20 CST
Winston
Level 9
Report Inappropriate Content
Message 7 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

Your answer is exactly what my  colleague assumed. "\" to denote directories. I was a little indifferent and was hoping that either optioned worked. The MOVE documentation is not very clear on serveral points. Thanks again.

McAfee Employee dsabulsky
McAfee Employee
Report Inappropriate Content
Message 8 of 10

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

The ending "\" only adds additional pattern to be matched.  For MOVE AV 2.6 Multiplatform Patch 1 it doesn't really matter.

The MOVE AV 2.6 Multiplatform Patch 1 doesn't not know that the pattern is a folder or a file, it is only a pattern to be matched.

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution

Is there a list of Process exclusions and Path Exclusions? I cannot find anything with specfic exclusions to look for.

Re: McAfee MOVE AV [Multi-Platform] Path Exclusions & Process Exclusions

Jump to solution
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community