cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

Hello Community Members!

I have three questions to pose for you all. I thought about putting them in separate threads, but decided to consolidate at least for now.

1) Differences in VSE on-demand exclusions: There are three VSE policies that I just am understanding now... On-Access High-Risk, On-Access Low-Risk and On-Access Default. High-Risk is scanned more, Low-Risk is scanned less.
My confusing lies within the fact that all three of these policies contain an "exclusion" section. And that section all says the same thing--"Specify what items to exclude from scanning." So what is the difference between the exclusions in On-Access High-Risk policy, the exclusions in On-Access Low-Risk policy and the exclusions in On-Access Default

policy?

2) Exclusion nomenclature: Another question is about naming conventions for the exclusions themselves. I want to exclude McAfee from scanning some processes when they start up... but many of them end in *32.

Example: RetroFoxPro.exe *32

However, I know McAfee views the pound as a wildcard marker. Is it still alright to write it like the above example (space between the exe and the wildcard included?)

3. On-Demand Scan stops from EPO console: The follow-up question that probably deserves its own thread, and I'll throw it in one later if necessary, but is it possible to stop an On-Demand scan if it is started from the epo console rather than the VSE console? Because, quite frankly, I haven't found a way....

Thank you in advance, everyone!

1 Solution

Accepted Solutions
Highlighted
Level 11
Report Inappropriate Content
Message 2 of 5

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

Hi Noahleaf,

Regarding exclusion nomenclature, the *32 has nothing to do with the name of the process itself. If you look on disk, you will not find any processes with *32 in the name. The *32 is a visual identifier in Windows Task Manager to identify 32-bit processes running on 64-bit Windows. You do NOT include the *32 when building exclusions.

There is not a mechanism in ePO to stop scans that have been started via ePO. If this is desired functionality, please contact your account manager to file a product enhancement request.

I'd recommend reviewing the Best Practices Guide for VSE, along with KB66909 which has some great pointers to answer your questions.

View solution in original post

4 Replies
Highlighted
Level 11
Report Inappropriate Content
Message 2 of 5

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

Hi Noahleaf,

Regarding exclusion nomenclature, the *32 has nothing to do with the name of the process itself. If you look on disk, you will not find any processes with *32 in the name. The *32 is a visual identifier in Windows Task Manager to identify 32-bit processes running on 64-bit Windows. You do NOT include the *32 when building exclusions.

There is not a mechanism in ePO to stop scans that have been started via ePO. If this is desired functionality, please contact your account manager to file a product enhancement request.

I'd recommend reviewing the Best Practices Guide for VSE, along with KB66909 which has some great pointers to answer your questions.

View solution in original post

Highlighted

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

Hi Tomz2!

Thank you very much, that is two out of three questions down

I have read the best practice guide, we implemented most of what it suggested and tweaked things from there. Unfortunately, it did not answer any of my questions that I had posed today. For the last remaining unanswered question, it only explains what high-risk and low-risk processes are, but does not explain what the exclusion field is in said high-risk/low-risk policy, nor how it differs from exclusions in the the normal on-access default process policy.

Level 11
Report Inappropriate Content
Message 4 of 5

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

As mentioned, review KB66909. There are a variety of articles provided regarding high/low risk processes.

Per KB69805, If you add an exclusion to either the High-Risk or Low-Risk profile, it will be excluded from scanning only if it is being accessed by one of the processes/applications included in the list of processes defined in the corresponding profile. Therefore, the exclusion would not apply to processes and/or applications that would be scanned using the default profile.

Highlighted

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Jump to solution

Ahhh ok. I did not see the KB link. I understand it now. That is a rather interesting function, one that requires some thought.

Thank you. I'll mark your posts as correct answers, appreciate the quick responses!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community