My question revolves around General On-Access Policy against High-Risk and Low Risk On-access policy. We need to exclude some inventory processes from being scanned, not only the files themselves but the process as it touches files.
Right now I only use general on-access policies for everything with some folders excluded. If I set the low risk policy to exclude all the inventory processes, does it just ignore the general on access policy all together with that turned on or can I just add the process exclusion and it works in conjunction with the genral? If anyone has done this or could give me some guidance or best practices I would appreciate it.
If you add the process to the list in "On-Access Low-Risk Processes Policies" any files it opens will not be scanned (if you have configured the "On-Access Low-Risk Processes Policy" accordingly). Any files opened by other processes will be scanned accordingly to the settings in the "On-Access Default Processes Policy" (or "On-Access High-Risk Processes Policies" if you added the process there).
You will have to duplicate any folder exclusions to other process policies if you configured them to scan files. If you don't scan files in "On-Access Low-Risk Processes Policies" you will not need to add folder exclusions - the folders won't be scanned by these processes anyway.
In the "On-Access General Policies " you cannot configure any exclusions.