cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

odd exclusion syntax in ePO for VSE

Is anyone familiar with the exclusion syntax with the prefix "\:::" for ePO/VSE process exclusion? Is it documented anywhere?

I can find no documentation anywhere on what this syntax means - it appears to function as if it references the current McAfee VSE install directory on the client.

The instance of this syntax is located in our ePO installation (that I inherited) in an assigned policy at the root of the system tree of category: VirusScan Enterprise 8.8.0 : Access Protection Policies

Within this policy and the defined access protection rules under category "Common Standard Protection" : Prevent modification of McAfee files and settings it has a bunch of executables its excluding with this odd syntax.

exclusions.png

The executables being excluded are in the VSE folder and do seem to be successfully excluded -

EXCEPT in the case when we were updating HIPS on the clients - this caused the exclusions to fail until we restart the clients - at which point the exclusions start working again.

2 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 3

Re: odd exclusion syntax in ePO for VSE

I suggest you to config your HIPS on Adaptive mode for a while then see the result.

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 3

Re: odd exclusion syntax in ePO for VSE

That's odd, never seen wildcards like that before. Usually they are something like the below:

Wildcards (**,*, ?) are helpful in creating exclusions for VSE, but certain rules apply (see examples below).

•The ? wildcard is used to represent a single character in the exact position where it is placed in the path or file name.

•The * wildcard is used to represent partial filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given.

•The ** wildcard is generally used for (partial) filenames or extensions with one or more characters from the exact position where it is placed in the path \ file given.

•System Environmental Variables such as %SystemRoot% can be used in exclusions. User Environmental Variables such as %UserProfile% cannot because the On‑Access scanner runs under the Windows Local System account.

We have wildcards within VSE for things like this, but never seen the ::: before

**\*.html

<drive:>\**\test.exe

<drive:>\**\*.tmp

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community