We are modifying our existing Default VS policy with High / Low / Default policies.
It's clear about Low risk process policy, where we add all trusted processes and for most of the applications / servers no scanning is performed with Low risk policies.
But for High / Default policies everyone including McAfee support & forum discussions () asked to exclude the same set of exclusions (file / folder exclusions for Windows / AD / SQL / Exchange etc.), which makes no sense. If we do so, then as per our understanding, there is no need for 3 different process policies, 2 are enough like Default & Low risk, then make file / folder exclusions with default policy, and add processes (trusted process for McAfee, Exchange, SQL etc) with Low risk process policy and disable the scanning for these process.
Can someone explain in what perspective McAfee is saying to exclude the same set of exclusions with High / Default (It makes more sense if we do the file / folder exclusions just with default process policy and add trusted process with low risk policy)
Thanks in advance
You would only put the exclusions in High + Default if -
a) You wanted to
b) You were not sure which of the two profiles need the exclusion
It would not be a "best practice" to put the exclusion in both profiles unless it was needed in both profiles.
Thank You Warren
But still I wait to get an update from someone who did similar exclusions (for AD / Exchange 2010 / SQL / Sharepoint etc) and eager to know whether they did the exclusions with both high & default profiles