cancel
Showing results for 
Search instead for 
Did you mean: 

Can you exclude an entire drive from being scanned by OAS?

Is it possible to exclude an entire drive letter (ie:  E:\) from being scanned by the OAS in VSE 8.8.x?

We currently have the "low" and "high" scan settings, so I can't remember if the General settings kick in or not or combine with what you specify in low/high risk processes.  But the General Setting is the only spot I can see "Exclusions" for to define a drive letter (the rest is by process, of course)

3 Replies

Re: Can you exclude an entire drive from being scanned by OAS?

Either VSE uses the On Access General Settings -or- it uses High/Low Risk AND General. Everything always is affected by general unless it is named process listed in the low or high risk groups.

Now that's out of the way, why on Earth would you do something crazy enough to exclude an entire drive? From a security perspective that's a horrible idea.

Re: Can you exclude an entire drive from being scanned by OAS?

Hi Peter,

So from a TECHNICAL perspective, I'd just put in say:

E:\*

as an exclusion?

Now, as to why?

I'm only being asked this by one of our Windows Admins if it's doable.  I agree, bad policy, but perhaps they want to use a dedicated swap drive it's holding an MS SQL database or something.

I mean, if you look at the VSE and MS KB articles, you'll see that there's a LOT of exclusions that are "bad security" policy, but are necessary for things like SQL, Exchange, etc. to function properly.

Re: Can you exclude an entire drive from being scanned by OAS?

No technically those "bad security" policies aren't required. They are suggested by Microsoft who writes exclusions for legions of AV products. But if you use our Profiler tool you will see that we don't scan the contents of those swap drives for standard things like SQL and Exchange. Writing those exclusions is 100% pure unadulterated placebo. Go use the Profiler tool and prove it to yourself.

And the exclusion would be e:\. No extra stars are necessary. I you mean a directory then the last character is always the trailing slash.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community