cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

VirusScan 8.8 Process exclusions query

Hi all,

I have jus inherited an ePO server with a totally new set of VSE 8.8 exclusions.

Firstly there are over 300 exclusion set within the policy ranging from files types, paths to single exe's. Is there a limit with VSE 8.8 ?

There is no low and high risk, just On-Access Default Process policies.

Rather then use Low and HIgh risk they have just added the exe in the file path on the On-Access Default Process policies. For example, SQLSERVR.exe.

Does this have any effect as an exclusion? I would be under the impression that if you want to excluse this process you need to add it to the low risk section. Adding it without a path in front means VirusScan will not be able to find it and if it coudl how woudl it be excluded? When it's opened?

Well, this was my impression until I saw this in the VSE 8.8 Best practise guide .... By putting Frameworkservice.exe here what is that achieving ? Should this be in the process section?

Thanks

Superhoop

best_practise.JPG

1 Reply
Highlighted
Level 14
Report Inappropriate Content
Message 2 of 2

Re: VirusScan 8.8 Process exclusions query

Hello,

Adding it without a path in front means VirusScan will not be able to find it and if it coudl how woudl it be excluded?

Exclusions can be specified with bare filenames (full or with joker characters), relative or absolute paths (full or using joker chars, see relevant KB articles). That is, you example seems to be a totally normal specification.

 I would be under the impression that if you want to excluse this process you need to add it to the low risk section

If you exactly know how and which files or folders you would like to exclude, you can safely use the Default policy. Low Risk policy is useful for excluding files that certain processes access often (read or write, etc.) of which you are certain that do not introduce viruses in these files.

In addition there could be files  with similar extensions or names that maybe accessed by other processes and low risk processes, so these files might appear on one exclusion list in the Low Risk process policy, but do not appear on the exclusion list of the Default Risk process policy.

By putting Frameworkservice.exe here what is that achieving ? Should this be in the process section?

In my opinion the FrameworkService.exe as file on the exclusion list in the picture could be a mistake, this .EXE should never be normally accessed very frequently not to mention modified at all (except maybe when agent version upgrade). This should rather be in the process section.

This picture may not be very precise as there are 3 file exclusions with a "Exclude subfolders" as Yes on each line.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community