We have multiple policies for excluding files/processes, and I am wondering what the drawback is of having only one policy.
When it comes to a change, the majority of servers are under one policy for exclusions, but then we have some broken down, e.g. SQL, Citrix, Carbon Black. When I need to make an exclusion for all servers, I need to touch each of the policies. Having just one policy for exclusions would give me the ability to do it in one place instead of several.
Re: One Policy for exclusions vs Multiple Policies
It all depends on how many exclusions you are talking about. The longer the list of exclusions, the more the scanner has to parse through continuously during on-access scanning to determine whether a file or folder needs to be scanned or not. I would suggest having maybe 2-4 policies, depending on the server type. For example, ePO doesn't really need any, but I typically exclude the events folder and log file types. SQL Server has its own low-risk and file type exclusions needed, same with an Exchange server. Keeping just a basic server type policy that can apply to multiple server types, but still be scaled down for efficiency, can improve overall performance. You shouldn't need more than a few, which isn't too bad for policy maintenance. Extremely large policies are also known to cause high CPU issues with the agent when the agent is trying to apply and enforce the large policy set.