Firstly I am totally new to McAfee so please be gentle with me...
I have inherited an EPO Server and I need to get my head around the system. After reading much documentation, one question remains unanswered: when should I use the different policies, e.g. "On access default processes", "on access general", "on access high risk" and "on access low risk"?
For example I have some recommended A/V file exclusions for specific servers and I am unsure which of these policies to place the file exclusions into - is there a general rule for this??
Let's take SQL exclusions for instance - I would initially place them into the "on access default" but this is purely a guess.
My apologies if this has been covered in the past but I have been unable to find anything.
On access General is what it sounds like. This will set general settings that will be valid for the Default, High risk and Low risk policies.
Low risk is in general used for specifying scan settings for processes that you are pretty sure will not be handling virus infected files. I set it to not scan anything. (Although the exe file of the process itself is scanned once at each startup.)
This will have the effect that every process that you add to this policy will not scan the files it is using.
High risk is used for specifying the processes that you are reasonably sure have a high risk of accessing virus infected files. In general the scan settings here should be at default or higher protection. This policy is pre-populated with some risky processes already by McAfee.
Default is what it sounds like as well :-) It is basically the processes that are not defined in either high risk or low risk. This is where a lot of your 3rd party programs will appear by default. Including SQL.
The way I have done it is that I have found the SQL processes (which I am reasonably sure will not access virus infected files) and put them into the low risk policy. This causes the files (large DB files and logs) that the SQL services access not to be scanned, something that pleases our DB admin a lot, since his databases are actually working properly (read: fast) again :-)
Most of the above will of course only be valid if you are splitting the scanning policies into 3. (I believe this is defined in the Default or possibly the General policy, but not sure which. Not in front of EPO at the moment.) If you use only 1 policy then the Default will be used for all scanning.
I hope this made the setup a bit clearer for you, but please do not hesitate to ask if something was unclear. This is actually one of my favorite functions in EPO :-) Easy exclusions for a specific service without having to exclude the file or folder for all those other "virus prone" processes. What's not to like :-)
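An added illustration, not part of the thread and not McAfee code: a simplified Python model of the behaviour described in the answer above, comparing file exclusions in a single Default policy with listing the SQL process as low risk. The class names, the process and file names, the sample accesses and the rule that high risk wins over low risk are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class ScanSettings:
    scan_files: bool = True                         # scan files the process touches
    exclusions: list = field(default_factory=list)  # file patterns never scanned

@dataclass
class OnAccessConfig:
    default: ScanSettings
    low: ScanSettings
    high: ScanSettings
    low_processes: set = field(default_factory=set)
    high_processes: set = field(default_factory=set)
    split_by_risk: bool = True   # False: Default settings apply to every process

    def settings_for(self, process):
        name = process.lower()
        if self.split_by_risk and name in self.high_processes:  # assumption: high wins
            return self.high
        if self.split_by_risk and name in self.low_processes:
            return self.low
        return self.default      # anything not listed as high or low risk

    def is_scanned(self, process, path):
        s = self.settings_for(process)
        excluded = any(fnmatchcase(path.lower(), p.lower()) for p in s.exclusions)
        return s.scan_files and not excluded

def unscanned(config, events):
    """Return the (process, file) accesses that would bypass on-access scanning."""
    return [(proc, path) for proc, path in events if not config.is_scanned(proc, path)]

# Constructed sample accesses (process, file); not taken from a real system.
EVENTS = [
    ("sqlservr.exe", r"D:\SQLData\sales.mdf"),
    ("sqlservr.exe", r"D:\SQLData\sales_log.ldf"),
    ("otherapp.exe", r"D:\SQLData\sales.mdf"),    # a different process, same DB file
    ("otherapp.exe", r"C:\Users\bob\report.doc"),
]

# Option A: file exclusions placed in the single Default policy.
PATH_EXCLUSION = OnAccessConfig(
    default=ScanSettings(exclusions=["*.mdf", "*.ldf"]),
    low=ScanSettings(), high=ScanSettings(), split_by_risk=False)

# Option B: the SQL process is listed as low risk, and low risk scans nothing.
PROCESS_LOW_RISK = OnAccessConfig(
    default=ScanSettings(), low=ScanSettings(scan_files=False), high=ScanSettings(),
    low_processes={"sqlservr.exe"})
```

With option A the database file is unscanned no matter which process opens it; with option B only the SQL process's own accesses skip scanning.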
I have been testing and it seemed to work as described - I was just looking for confirmation from a more experienced user that I was on the right track.
Thanks for your time.