cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OAS - excluding rsync

MOVE agentless (VMware environment using NSX with Guest Instrospection)

I have problems with a Linux server when it runs a script that uses rsync.  The VM seems to basically lock up when the script runs.

What might be the best approach?  Exclude the rsync process from the OAS policies and/or the content that is compared (mirrored)?

4 Replies
patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: OAS - excluding rsync

Hello @marco_shaw 

Thank you for posting here. If I understand correctly you are using rsync  app  on a Linux server and when the scanning is enabled the server is practically unusable. 

I hope you have tried disabling vsepd driver or adding the machine into exclusion folder and check the status. If adding the exclusion has worked fine then you can add the File/Folder related to rsync  into AV exclusions.

There is no Process Exclusions for Agentless as we do not have any driver of McAfee on the machine itself. However if you can add the File/Folder into exclusion which rsync  is touching then the issue should be resolved.

Additionally, if you are not aware what are the File/Folder has been touched during the issue then you can run the Scan Diagnostic Task on the respective SVA where that Linux machine is reporting. Then re-create the issue at the Linux machine. Take the output of the Scan Diagnostic and check what are the File/Folder has been listed. Check the article https://docs.mcafee.com/bundle/move-antivirus-4.8.0-product-guide/page/GUID-080079AE-9F84-424D-A163-... for more information

Re: OAS - excluding rsync

Yes, I've disabled the vsepd driver on the VM so the issue stopped.

Can you confirm that Process Exclusions for Agentless is not supported for all operating systems?  It makes sense it's not supported, but I guess I never knew that.

We have Windows, Red Hat and Ubuntu VMs.  I'd like to make sure we can't exclude a process on all of these.

patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: OAS - excluding rsync

Yes. I can confirm that for MOVE-AGL Process exclusions not supported for any OS. We cannot control the process behavior on remote machine because we do not have any of our driver running on the machine locally. 

 

patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: OAS - excluding rsync

Article https://kc.mcafee.com/corporate/index?page=content&id=KB83964 talks about the same.

 

Are there no Low-Risk Processes with MOVE Agentless because of a lack of support in the vShield Endpoint?
Yes. It is a VMware Endpoint limitation.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community