cancel
Showing results for 
Search instead for 
Did you mean: 

Understand Low Risk and Whitelisting

Pretty new to this and I'm trying to understand how best to install and implement a security application on all of our endpoints.  This will be done with EPO eventually, but for now I'm just using the VirusScan Console.  The application states the following: List agent executable files as low-risk processes.  I assume this is referring to On-Access scanner and if the process is named yyy.exe it would just be listed in the processes tab? Under Scan Items tab I assume you would uncheck "When writing to disk" and "When reading from disk" so that when the process touches files they will not be scanned?  Does this seem correct?  How does the exclusions tab fit in with this?

Second, the application document states: It is a good idea to whitelist or exclude associated application files from real-time scanning and behavioral analysis.  It lists a number of files to Whitelist:

%ProgramFiles%\yyyy\xxxx\xxx.dll

%ProgramFiles(x86)%\yyyy\xxxx\xxx..sys

.... etc

What's the best way to whitelist these files?  I'm not sure where to do it so that full scans and onaccess scans will not touch them. Can this just go in the exclusions for the Default Processes tab on the On-Access scanner tab.

1 Reply
Highlighted
McAfee Employee spederse
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Understand Low Risk and Whitelisting

Why some processes should be added to low-risk exclusions

https://kc.mcafee.com/corporate/index?page=content&id=KB66036

Understanding High-Risk, Low-Risk, and Default processes configuration and usage

https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Great video which provides information about how to use Low Risk Process Policy in VirusScan Enterprise for performance optimization and reducing the need for file and folder exclusions. This video is not new, but the use of Low Risk Process Policy is often misunderstood.

https://kc.mcafee.com/content/tutorials/vse/Public_Hi-LoRiskProfiles.html

The VSE Low Risk process description for DLPE:

https://kc.mcafee.com/corporate/index?page=content&id=KB68520

General document.

https://kc.mcafee.com/corporate/index?page=content&id=KB66909

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community