cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 7

Low-Risk On access confusion

Hi, I'm trying to setup a Low Risk policy on my network but I found it is quite confusing on how to implement the policy. I can see when trying to create the policy there are 2 tabs, Low-Risk Processes and Exclusions. What are the significances of these two? How are they related? Say, I want to exclude a process called "agent.exe" from being scanned. How should I place it in the policy?

I need community help on this, I've read multiple KB related to this but till now I still confused.

 

AA

6 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 7

Re: Low-Risk On access confusion

Hello @Former Member 

Thanks for your post.

I would like to request you to please refer the below link:

https://docs.mcafee.com/bundle/endpoint-security-10.5.0-threat-prevention-product-guide-epolicy-orchestrator-windows/page/GUID-E09FAE5A-595C-43B5-9FA1-E2C69A42A332.html

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-threat-prevention-client-interface-reference-guide-windows/page/GUID-E9B7F5D0-D67D-4F23-BC48-E75FAC86FC31.html

Please check  the above links and if you still find an issue please have a service request open with support team to understand.

@ryadav1  please check once.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 7

Re: Low-Risk On access confusion

Hi Vivs, greatly appreciate your post but I am using VSE with ePO managed environment. I trying to setup a low risk policy to improve endpoints performance but not sure how to do it correctly.

 

My only enquiry here is only to know how those two tabs I mentioned related? will it work if I only put the process Agent.exe  in the Low-Risk Processes tab?

 

AA

Re: Low-Risk On access confusion

All scan requests have a trigger - the triggers are either a read or a write on disk. Such actions will be triggered by processes. So once you mark a process as a low risk, the policy that you set up for the low risk processes will apply. This means that all the files touched by this process will be scanned as defined in the low-risk process policy. If you choose that no actions should be done on files touched by the low-risk processes you don't need additional excludes. But if you set that files toucched by the low-risk will be scanned on-write only, you can still apply the path exclusions. Therefore none file touched by the low-risk process in this location will be scanned. But such exclude applies to low-risk process touched files.
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 7

Re: Low-Risk On access confusion

Hello,

Thank you for your post.

Process exclusion is for the (process_name.exe) of any application that you want to exclude.
Exclusions are for the files/Folders that process_name.exe accesses to perform read/write operations.

I hope this helps.
Let us know if you have any queries.

Former Member
Not applicable
Report Inappropriate Content
Message 6 of 7

Re: Low-Risk On access confusion

Hi Daya, 

Appreciate your feedback.

If I put process_name.exe in the Low-Risk Processes tab without defining any folder/file path in Exclusion section tab will it still work. How the VSE will treat this process if do this?

 

AA

Former Member
Not applicable
Report Inappropriate Content
Message 7 of 7

Re: Low-Risk On access confusion

Hello Amir,

 

Yes, if you add only process_name.exe(Under low-risk process) that is enough even though if you don't add file/folder exclusions.

Refer to the below articles for more information.

Understanding High-Risk, Low-Risk, and Default processes configuration and use
Technical Articles ID: KB55139
https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Why some processes must be added to low-risk exclusions
Technical Articles ID: KB66036
https://kc.mcafee.com/corporate/index?page=content&id=KB66036

I hope this helps.

 

Let us know if you have any queries.

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community