Hi, We've been having the common reported performance issues with Scriptscan, exclusions have fixed some of the internal web applications but we have a lot of 8.7 out there so can't use ePO to generally exclude across the board. We can semi-automate roll out of URL exclusions by using ePO to briefly turn off access protection before remotely modifying the registry but that's not ideal.
I'm looking at whether there's a case for having ScriptScan at all in a corporate environment if web gateway script scanning is turned on.
Anyone know of any white papers from McAfee or 3rd parties giving pros and cons of scriptscan?
Why can't you use ePO to manage the 8.7 machines?
As long as the product is checked in and the reporting/mamangement extension is checked in then management shouldn't be a problem.
P.S. I'm still on ePO 4.6 so i apologies if this is an ePO 5.0 issue that i'm not familiar with.
Thanks for input.
This is ePO 4.5 :-(. My understanding is that because VSE 8.7 doesn't have the checkbox for excluded URLs for scriptscan, you need to add the registry key to remote machines and then add the URL's into there. Whereas if you have 8.8 fully deployed then you can set by policy centrally.
In the ePO console - looking at the On Access General Policy for 8.7 you only get a process exclusion box.
Whereas on the 8.8 policies in the same area you get a URL exclusion box as well.
So the only way to manage URL exclusions on VSE 8.7 is by adding the "excludedURLs" reg key to
This seems to work OK and fixes for individual machines but modifying the registry for loads of machines is a bit more long winded.
My main interest is in whether anyone else in the community has turned off scriptscan completely and whether they found any good McAfee white papers etc recommending turning it off with certain types of gateway web scanning already in place.
Apologies for not realizing 8.7 is only process based.
If it helps the default McAfee setting for ScriptScan under Servers (8.7 & 8.8) is disabled. I'm guessing this is performance rather than security but disabling is a possibility
Thanks Tristan, I hadn't actually noticed that ScriptScan was disabled for servers by default, that's useful to know.... I'll keep hunting for general recommendations regarding disabling ScriptScan.... I suspect no-one on the web would be brave enough to recommend turning it off completely even with solid perimeter scanning so we will probably end up going with exceptions.
I'm brave enough. Turn if off for servers. There's a reason we made that a default. Also, you should be upgrading to VSE 8.8. The performance improvements are very compelling. I can't think of a good reasont to stay on VSE 8.7.
Thanks Peter. We are looking at upgrading to 8.8 imminently but we have hundreds of policys, client tasks, automated responses, server tasks etc. that we need to transfer over to 8.8 so it's not a quick job for us. I'm hoping that EpoPolicyMigration will do the job for some of it.....
Is there any compelling case or white papers you know of to justify turning off ScriptScan with perimeter scanning enabled?