haaris
Reliable Contributor
Message 1 of 8

Policy assignment rule on basis of tag in EPO

Hi,

Since we have lots of exclusions (I know it's not good for security, but all of those are legitimate applications, added because of some issues) in ENS 10.5.3, they are not working in a single policy, since ENS has a limitation on the number of exclusions. So we tried to split those exclusions into 3 or 4 different policies to limit the number of exclusions in a single policy. But after assigning a tag (the tag is server) to these policies, we can see that only one policy's exclusions are getting applied on the systems, and not the exclusions of all 3 or 4 policies.

We can assign policies on the basis of tag only and not on the basis of groups. Now the problem is how we can do that, since we can't use only 1 policy because of the limitation on the number of exclusions, and we are also not able to do it by tagging 3 or 4 policies with the same tag.

Even if we somehow manage to create different groups of servers for different exclusions, which seems very difficult, in that case too the number of exclusions will increase after some time and those exclusions will again not work. So what is the solution for that?

Can somebody help me out?

I am really looking for an answer.

7 Replies
fabhoo
Level 9
Message 2 of 8

Re: Policy assignment rule on basis of tag in EPO

Hi,

This quantity of exclusions may result in reduced performance. Why don't you work with scan profiles?

Scan profiles and scan performance are described in this article:
https://kc.mcafee.com/corporate/index?page=content&id=KB88205

What kind of issues do you have with your applications?

haaris
Reliable Contributor
Message 3 of 8

Re: Policy assignment rule on basis of tag in EPO

Hi,

I think you didn't get my question. Please read carefully.

Policy assignment on the basis of tag is not working if the tag is assigned to more than one policy for on-access scan exclusions. For example, the Server tag is assigned to 3 policies of on-access scan in ENS, but only the exclusions of the first policy are getting applied and not the exclusions of all 3 policies.

Can anyone check this and help?

cdinet
McAfee Employee
Message 4 of 8

Re: Policy assignment rule on basis of tag in EPO

ENS or VSE policies are not multi-slot, meaning more than one policy assigned at a time.  Only one policy will be applied at a time.  You can use wildcards and variables to reduce the number of exclusions, but too many exclusions reduce security as well as performance. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

haaris
Reliable Contributor
Message 5 of 8

Re: Policy assignment rule on basis of tag in EPO

Hi cdinet,

We have 2 on-access policies for workstations, each containing 100 different exclusions. We have used rule assignment to assign these policies to workstations (there are 2 rule assignments having the same tag, workstation or laptop). When I apply these two policies, only the first policy is getting applied and we can see only 100 exclusions instead of 200 (100+100). Is this the right behaviour, that only one policy will apply?

In our environment we have lots of exclusions and those are legitimate ones, but the count is large since we have more than 1.5 lakh systems. Now the problem is that if we keep only one policy, then the number of exclusions will be large and it won't work, since we are not able to see the exclusions in this case. The other problem is that if we keep separate policies by dividing the exclusions, then as said above only one policy is getting applied. Also, we don't have a structure in which we can create two different groups of workstations and servers and assign policies to those groups (even if we are somehow able to do that, the number of exclusions will increase after some time and again the large number of exclusions won't work). The only option left is to assign policies on the basis of tag.

I am stuck at the point where I don't know how to go on. I don't know why McAfee has a limitation on the number of exclusions, since anyone can have a large number of exclusions depending upon their environment. I know it's not a good security practice to have such a large number of exclusions, but if an environment has so many applications and requires it, then there is no option.

If possible, can anyone suggest what I should do now?

cdinet
McAfee Employee
Message 6 of 8

Re: Policy assignment rule on basis of tag in EPO

That is behaving as designed, only one policy will be applied.  Can you email me a list of your exclusions (export the 2 policies you referred to, for example)?  Maybe I can see how some of those can be consolidated to optimize the number of exclusions using wildcards.

caryn_dinet@mcafee.com

Also, you need to have the ENS team possibly review what you are trying to accomplish, as some applications would perform better using low risk processes rather than file/folder exclusions.  I would recommend opening a ticket with the ENS team to review.  For example, look at each exclusion and determine what issue it was designed to resolve.  Performance, or breaking the application, or what specific issue?  That can determine possibly whether it should be a file/folder exclusion or a low risk process.  Understanding the key differences is critical for setting them properly.

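As an added example (not code from the thread or from McAfee), one consolidation step that shrinks the exclusion count without widening coverage: drop duplicates and entries already covered by a broader folder exclusion. It assumes a flat list of Windows paths in which a trailing backslash marks a folder excluded with its subfolders; that convention and the sample paths are constructed, not the ePO export format.

```python
from ntpath import normpath  # Windows path rules, usable on any OS

# Constructed sample. A trailing backslash marks a folder excluded with its
# subfolders (an assumed convention, not the ePO export format).
SAMPLE_EXCLUSIONS = [
    "C:\\App\\Data\\",
    "c:\\app\\data\\cache\\",            # nested under the first entry
    "C:\\App\\Data\\logs\\app.log",      # file under the first entry
    "C:\\App\\Data\\",                   # exact duplicate
    "D:\\Tools\\agent.exe",
    "C:\\App\\Database\\",               # shares a text prefix, not a parent
    "C:\\App\\Data\\..\\Bin\\svc.exe",   # resolves outside C:\App\Data
]

def _key(entry):
    """Normalise case and '..' segments; remember whether it is a folder."""
    return normpath(entry).lower(), entry.endswith("\\")

def _prefix(path):
    """Folder path with exactly one trailing backslash, for prefix tests."""
    return path.rstrip("\\") + "\\"

def consolidate(entries):
    """Return (kept, dropped); dropped items are (entry, reason) pairs."""
    unique, dropped, seen = [], [], set()
    for entry in entries:
        key = _key(entry)
        if key in seen:
            dropped.append((entry, "duplicate"))
            continue
        seen.add(key)
        unique.append((entry, key[0]))
    # Broadest folders first, so the reported parent is deterministic.
    folders = sorted((_prefix(p) for p, is_dir in seen if is_dir), key=len)
    kept = []
    for entry, path in unique:
        parent = next((f for f in folders
                       if f != _prefix(path) and path.startswith(f)), None)
        if parent:
            dropped.append((entry, "covered by " + parent))
        else:
            kept.append(entry)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = consolidate(SAMPLE_EXCLUSIONS)
    print(len(SAMPLE_EXCLUSIONS), "entries ->", len(kept), "kept")
    for entry, reason in dropped:
        print("drop", entry, "(" + reason + ")")
```

Under the stated convention the kept list excludes the same locations as the input, so the count drops without any new path becoming unscanned.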

haaris
Reliable Contributor
Message 7 of 8

Re: Policy assignment rule on basis of tag in EPO

Hi cdinet,

Just wanted to confirm one thing. If I have two policies for ENS on-access scan, one Workstation_policy with a policy assignment rule having the tag workstation and another one Server_Policy with a policy assignment rule having the tag server, will the workstation policy apply to workstations and the server policy to servers, or will only one policy be used?

Can you please clarify this?

cdinet
McAfee Employee
Message 8 of 8

Re: Policy assignment rule on basis of tag in EPO

Sorry for the delay in responding, I was out of office.  Yes, the workstation policy would be applied by that tag workstation as would the server policy for the server tags. 

