stngr

Exclude running processes from scanning - ePO 4.6.6

Hello All,

It might be a basic question, but I have to exclude some running processes from scanning.

I was looking for any solid info about it, but no luck.

What I did:
I have assigned paths and file names in the policy assigned under: On-Access Default Processes Policies

(using path format: c:\blablabla\bla.exe and just the process name: bla.exe)

1.jpg

Is this enough to have running processes excluded?

I've read that to exclude processes they need to be assigned under "On-Access Low-Risk Processes Policies", so I did:

2.jpg

Policies are assigned to proper servers/groups:

3.jpg

but it doesn't work as it should: I don't see excluded processes from "On-Access Low-Risk Processes Policies", or I don't see paths excluded in "On-Access Default Processes Policies"

What am I doing wrong?

McAfee software on the infrastructure

ePO ver 4.6.6

VirusScan Enterprise 8.8.0


6 Replies

Re: Exclude running processes from scanning - ePO 4.6.6

Hi stngr, on the On-Access Default Processes policy you have to check the box saying that you will use different policies for low and high risk.

Then, on the On-Access Low-Risk Processes policy you have to uncheck all boxes under the Scan Items tab.

stngr

Re: Exclude running processes from scanning - ePO 4.6.6

Thanks @Laszlo, so this way I'd have path exclusions from On-Access Default Processes and process list from the On-Access Low-Risk Processes policy?

Also, even when I changed this option:
1.jpg
I still see "configure one scanning policy for all processes" at the agent level.

Re: Exclude running processes from scanning - ePO 4.6.6

Are you sure this is the policy being applied on the server? Have you sent a wake-up agent call before checking if it has been applied locally?

stngr

Re: Exclude running processes from scanning - ePO 4.6.6

Sure: applied to the server (not workstation), assigned to correct server, wake-up agent with "Force complete policy and task update"

If I change this option:

1.jpg

on the agent directly I see processes from my Low-Risk policy.
2.jpg

However then I don't see my exclusions under Default Processes -> Exclusions

Re: Exclude running processes from scanning - ePO 4.6.6

Asking the obvious question here, but have you assigned your On-Access Default Processes policy to your server that is configured to use High & Low Risk policies? The OAS High & Low Risk policies are redundant if you haven't enforced the use of them via the Default Processes policy.


Regards,

Mick

stngr

Re: Exclude running processes from scanning - ePO 4.6.6

Yes, the On-Access Default Processes policy and the On-Access Low-Risk Processes policy are assigned to the server; the rest is inherited from the pattern folder.

3.jpg
