MOVE agentless (VMware environment using NSX with Guest Introspection)
I have problems with a Linux server when it runs a script that uses rsync. The VM seems to basically lock up when the script runs.
What might be the best approach? Exclude the rsync process from the OAS policies and/or the content that is compared (mirrored)?
Thank you for posting here. If I understand correctly, you are using the rsync app on a Linux server, and when scanning is enabled the server is practically unusable.
I hope you have tried disabling the vsepd driver or adding the machine to the exclusion folder and checking the status. If adding the exclusion has worked fine, then you can add the File/Folder related to rsync to the AV exclusions.
There are no Process Exclusions for Agentless, as we do not have any McAfee driver on the machine itself. However, if you add the File/Folder that rsync is touching to the exclusions, then the issue should be resolved.
Additionally, if you are not aware of which Files/Folders were touched during the issue, then you can run the Scan Diagnostic Task on the respective SVA to which that Linux machine is reporting. Then re-create the issue on the Linux machine. Take the output of the Scan Diagnostic and check which Files/Folders have been listed. Check the article https://docs.mcafee.com/bundle/move-antivirus-4.8.0-product-guide/page/GUID-080079AE-9F84-424D-A163-... for more information.
Yes, I've disabled the vsepd driver on the VM so the issue stopped.
Can you confirm that Process Exclusions for Agentless is not supported for all operating systems? It makes sense it's not supported, but I guess I never knew that.
We have Windows, Red Hat and Ubuntu VMs. I'd like to make sure we can't exclude a process on all of these.
Yes. I can confirm that for MOVE-AGL, Process exclusions are not supported for any OS. We cannot control the process behavior on a remote machine because we do not have any of our drivers running on the machine locally.
Article https://kc.mcafee.com/corporate/index?page=content&id=KB83964 talks about the same.
Are there no Low-Risk Processes with MOVE Agentless because of a lack of support in the vShield Endpoint?
Yes. It is a VMware Endpoint limitation.