Showing results for 
Show  only  | Search instead for 
Did you mean: 

Are Policy Subsets available?


Is there a way in ePO to have subsets of policies? (I'm sure there must be a better word for it).  

For example, if we look at VSE configuration and exclusions, ideally I want to be able to:

- define a list of exclusions for SQL server

- define a list of exclusions for Microsoft recommended Exclusions

  - define a list of exclusions for another application etc.

Obviously this is possible with diffent policies, but really what I want to be able to do is then take a branch of the of the System Tree and say that for these machines apply a policy that contains the list of exclusions from both the "SQL server" and "Microsoft recommend exclusions" list that I defined above.

Therefore meaning that if I need to change the "Microsoft recommended Exclusions" list then I just do it in one place, and it filters through into the any policy referencing the above lists - rather than today have to check every policy that I think maybe affected.   I suppose it's like saying that I want to be able to apply two "On-Access Default Processes Policies" to a system branch and then have ePO merge the policies when applying it to a client.

Obviously I've used VSE exclusions for example purposes, but this could be VSE Access Protection or any other application.

Hopefully you'll understand what I'm trying to explain.

I'm currently running ePO 4.6

Anything possible in 4.6 or 5?.

Thank you


1 Reply
Level 14
Report Inappropriate Content
Message 2 of 2

Re: Are Policy Subsets available?


did you consider using the policy assigment rules? These might be just for the purpose you mention here, I think. You create a policy assigment rule for all your SQL server another for all your Exchange servers. First rule have the policy with exclusions for SQL servers the second with exclusions for Exchange.

You need to apply tags your particular servers for this and assign the respecitve policy rule to those tags (the policy will be applied to systems that have those tags). All you need to make sure that your tags are applied to each new server that are created.

See also ePO 4.6 manual p. 166.

Otherwise what prevents you from applying the exclusions in the general policy? You can say that those exclusions will be never met in the case of non-SQL and non-Exchange servers, and according to my (previous) information, around 1000 exclusions will there be a noticeable lag in OAS scanning.. Just being curious...


Message was edited by: apoling on 09/05/13 11:33:32 CEST
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community