shocko
Level 9
Message 1 of 3

Low Risk Processes - McAfee Agent .exes

Should the frameworkservice etc. be added to low risk processes? Does that even make sense? See: http://www.vmware.com/files/pdf/techpaper/vmw-mcafee-security-protection-best-practices.pdf

1 Solution

Accepted Solutions
wwarren
Level 15
Message 3 of 3

Re: Low Risk Processes - McAfee Agent .exes

Short answer is "No" but the reality is, if you were to do something like that you'd probably see some level of performance gain.

The answer is "No" because McAfee products are able to invoke code that notifies our scanner "Hey, I'm McAfee code, and I'm about to invoke some file transactions that you don't need to scan".

However, as you may imagine, this is not a default mindset of security-minded individuals, to simply tell the scanner "Don't scan what I'm doing". So, while that capability exists it is not always used.

Perhaps as McAfee code becomes more secure over time, as in our processes for all our products become more secure against intrusion from 3rd parties, we'll be able to more safely adopt practices of avoiding scans for work done by McAfee processes. Until then, it'll be up to you/customers to determine if a little performance gain is worth the potential risk of exclusions or placing processes in low risk profile. (As of this posting, I've not seen any ill come of such configurations, but that can change any day).

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
2 Replies

Re: Low Risk Processes - McAfee Agent .exes

Hi

Check out the VSE 8.8 Best Practices Guide here and take a look at page 21 (Defining the default high and low processes during scans)

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO
