Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Hello Community Members!

I have three questions to pose for you all. I thought about putting them in separate threads, but decided to consolidate at least for now.

1) Differences in VSE on-demand exclusions: There are three VSE policies that I just am understanding now... On-Access High-Risk, On-Access Low-Risk and On-Access Default. High-Risk is scanned more, Low-Risk is scanned less.
My confusion lies within the fact that all three of these policies contain an "exclusion" section. And that section all says the same thing--"Specify what items to exclude from scanning." So what is the difference between the exclusions in On-Access High-Risk policy, the exclusions in On-Access Low-Risk policy and the exclusions in On-Access Default policy?

2) Exclusion nomenclature: Another question is about naming conventions for the exclusions themselves. I want to exclude McAfee from scanning some processes when they start up... but many of them end in *32.

Example: RetroFoxPro.exe *32

However, I know McAfee views the pound as a wildcard marker. Is it still alright to write it like the above example (space between the exe and the wildcard included?)

3. On-Demand Scan stops from EPO console: The follow-up question that probably deserves its own thread, and I'll throw it in one later if necessary, but is it possible to stop an On-Demand scan if it is started from the epo console rather than the VSE console? Because, quite frankly, I haven't found a way....

Thank you in advance, everyone!

1 Solution

Accepted Solutions
tomz2
Level 11
Message 2 of 5

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Hi Noahleaf,

Regarding exclusion nomenclature, the *32 has nothing to do with the name of the process itself. If you look on disk, you will not find any processes with *32 in the name. The *32 is a visual identifier in Windows Task Manager to identify 32-bit processes running on 64-bit Windows. You do NOT include the *32 when building exclusions.

There is not a mechanism in ePO to stop scans that have been started via ePO. If this is desired functionality, please contact your account manager to file a product enhancement request.

I'd recommend reviewing the Best Practices Guide for VSE, along with KB66909 which has some great pointers to answer your questions.

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Hi Tomz2!

Thank you very much, that is two out of three questions down.

I have read the best practice guide, we implemented most of what it suggested and tweaked things from there. Unfortunately, it did not answer any of my questions that I had posed today. For the last remaining unanswered question, it only explains what high-risk and low-risk processes are, but does not explain what the exclusion field is in said high-risk/low-risk policy, nor how it differs from exclusions in the normal on-access default process policy.

tomz2
Level 11
Message 4 of 5

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

As mentioned, review KB66909. There are a variety of articles provided regarding high/low risk processes.

Per KB69805, if you add an exclusion to either the High-Risk or Low-Risk profile, it will be excluded from scanning only if it is being accessed by one of the processes/applications included in the list of processes defined in the corresponding profile. Therefore, the exclusion would not apply to processes and/or applications that would be scanned using the default profile.
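
A simplified model of the two answers above (the `*32` display suffix and the per-profile exclusion scope described per KB69805), added here as an illustration and not part of the original posts or McAfee code. The class and function names, the process lists, the sample paths and the folder-prefix matching are all constructed assumptions.

```python
# Simplified model of the behaviour described in this thread; not VSE code.
# Profile names follow the thread; process lists and paths are constructed.
import ntpath


def image_name(task_manager_name):
    """Strip Task Manager's ' *32' display suffix; it is not part of the file name."""
    name = task_manager_name.strip()
    if name.endswith("*32"):
        name = name[:-3].rstrip()
    return name


class OnAccessPolicy:
    def __init__(self, high_procs, low_procs, exclusions):
        # The process lists decide which profile handles a given access.
        self.high = {p.lower() for p in high_procs}
        self.low = {p.lower() for p in low_procs}
        # exclusions: profile name -> excluded folder prefixes (assumed matching rule)
        self.exclusions = {k: [ntpath.normcase(e) for e in v]
                           for k, v in exclusions.items()}

    def profile_for(self, process):
        p = image_name(process).lower()
        if p in self.high:  # assumption: High-Risk wins if a process is listed twice
            return "High-Risk"
        if p in self.low:
            return "Low-Risk"
        return "Default"

    def is_scanned(self, process, path):
        """An exclusion only applies inside the profile that handles this process."""
        target = ntpath.normcase(path)
        prefixes = self.exclusions.get(self.profile_for(process), [])
        return not any(target.startswith(e) for e in prefixes)


def audit(policy, processes, path):
    """Per accessing process: (profile applied, whether the path is still scanned)."""
    return {p: (policy.profile_for(p), policy.is_scanned(p, path)) for p in processes}


# Constructed sample: the folder is excluded in the Low-Risk profile only.
POLICY = OnAccessPolicy(
    high_procs=["iexplore.exe"],
    low_procs=["RetroFoxPro.exe"],
    exclusions={"High-Risk": [], "Low-Risk": ["C:\\FoxData\\"], "Default": []},
)

if __name__ == "__main__":
    procs = ["RetroFoxPro.exe *32", "explorer.exe", "iexplore.exe"]
    for proc, result in audit(POLICY, procs, r"C:\FoxData\orders.dbf").items():
        print(proc, result)
```

In this model the folder is skipped only when the Low-Risk process touches it; the same file is still scanned when any other process accesses it, so coverage for a path has to be checked per profile rather than assumed from one exclusion list.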

Re: Questions on exclusion naming conventions & differences (plus a bonus on-demand scan question!)

Ahhh ok. I did not see the KB link. I understand it now. That is a rather interesting function, one that requires some thought.

Thank you. I'll mark your posts as correct answers, appreciate the quick responses!