Pretty new to this and I'm trying to understand how best to install and implement a security application on all of our endpoints. This will be done with EPO eventually, but for now I'm just using the VirusScan Console. The application states the following: List agent executable files as low-risk processes. I assume this is referring to On-Access scanner and if the process is named yyy.exe it would just be listed in the processes tab? Under Scan Items tab I assume you would uncheck "When writing to disk" and "When reading from disk" so that when the process touches files they will not be scanned? Does this seem correct? How does the exclusions tab fit in with this?
Second, the application document states: It is a good idea to whitelist or exclude associated application files from real-time scanning and behavioral analysis. It lists a number of files to Whitelist:
What's the best way to whitelist these files? I'm not sure where to do it so that full scans and onaccess scans will not touch them. Can this just go in the exclusions for the Default Processes tab on the On-Access scanner tab.
Great video which provides information about how to use Low Risk Process Policy in VirusScan Enterprise for performance optimization and reducing the need for file and folder exclusions. This video is not new, but the use of Low Risk Process Policy is often misunderstood.