andycr
Level 7
Message 1 of 8

Scriptscan - general query

Hi, we've been having the common reported performance issues with ScriptScan. Exclusions have fixed some of the internal web applications, but we have a lot of 8.7 out there so can't use ePO to generally exclude across the board. We can semi-automate rollout of URL exclusions by using ePO to briefly turn off access protection before remotely modifying the registry, but that's not ideal.

I'm looking at whether there's a case for having ScriptScan at all in a corporate environment if web gateway script scanning is turned on.

Anyone know of any white papers from McAfee or 3rd parties giving pros and cons of scriptscan?

Many thanks

Andy

7 Replies
exbrit
Reliable Contributor
Message 2 of 8

Re: Scriptscan - general query

Moved to VSE for better handling.

Tristan
Level 15
Message 3 of 8

Re: Scriptscan - general query

Why can't you use ePO to manage the 8.7 machines?

As long as the product is checked in and the reporting/management extension is checked in then management shouldn't be a problem.

P.S. I'm still on ePO 4.6 so I apologize if this is an ePO 5.0 issue that I'm not familiar with.

andycr
Level 7
Message 4 of 8

Re: Scriptscan - general query

Thanks for input.

This is ePO 4.5 :-(. My understanding is that because VSE 8.7 doesn't have the checkbox for excluded URLs for ScriptScan, you need to add the registry key to remote machines and then add the URLs into there. Whereas if you have 8.8 fully deployed then you can set by policy centrally.

In the ePO console, looking at the On Access General Policy for 8.7, you only get a process exclusion box.

Whereas on the 8.8 policies in the same area you get a URL exclusion box as well.

So the only way to manage URL exclusions on VSE 8.7 is by adding the "excludedURLs" reg key to HKLM-Software-McAfee-VSCore-Script Scanner.

This seems to work OK and fixes for individual machines but modifying the registry for loads of machines is a bit more long-winded.

My main interest is in whether anyone else in the community has turned off scriptscan completely and whether they found any good McAfee white papers etc recommending turning it off with certain types of gateway web scanning already in place.

Thanks

Andy

Tristan
Level 15
Message 5 of 8

Re: Scriptscan - general query

Apologies for not realizing 8.7 is only process based.

If it helps, the default McAfee setting for ScriptScan under Servers (8.7 & 8.8) is disabled. I'm guessing this is performance rather than security but disabling is a possibility.

andycr
Level 7
Message 6 of 8

Re: Scriptscan - general query

Thanks Tristan, I hadn't actually noticed that ScriptScan was disabled for servers by default, that's useful to know.... I'll keep hunting for general recommendations regarding disabling ScriptScan.... I suspect no-one on the web would be brave enough to recommend turning it off completely even with solid perimeter scanning so we will probably end up going with exceptions.

Andy

Re: Scriptscan - general query

I'm brave enough. Turn it off for servers. There's a reason we made that a default. Also, you should be upgrading to VSE 8.8. The performance improvements are very compelling. I can't think of a good reason to stay on VSE 8.7.

andycr
Level 7
Message 8 of 8

Re: Scriptscan - general query

Thanks Peter. We are looking at upgrading to 8.8 imminently but we have hundreds of policies, client tasks, automated responses, server tasks etc. that we need to transfer over to 8.8 so it's not a quick job for us. I'm hoping that EpoPolicyMigration will do the job for some of it.....

Is there any compelling case or white papers you know of to justify turning off ScriptScan with perimeter scanning enabled?

thanks

Andy
