It might be a basic question, but I have to exclude some running processes from scanning.
I was looking for any solid info about it, but no luck
What i did:
I have assigned pathes and file names in policy assigned under: On-Access Default Processes Policies
(using path format: c:\blablabla\bla.exe and just the process name: bla.exe)
Is this enough to have running processes excluded?
I've read that to exclude processes they need to be assigned under "On-Access Low-Risk Processes Policies", so I did:
Policies are assigned to proper servers/groups:
but it desnt work as it should: I dont see excluded processes from ""On-Access Low-Risk Processes Policies", or I dont pathes excluded "On-Access Default Processes Policies"
What am I doing wrong?
McAfee software on the infrastructure
ePO ver 4.6.6
VirusScan Enterprose 8.8.0
Hi stngr, on the On-Access Default Processes policy you have to check the box saying that you will use different policies for low and high risk.
Then, on the On-Access Low-Risk Processes policy you have to uncheck all boxes under the Scan Items tab.
Thanks @Laszlo, so this way I'd have path exclusions from On-Access Default Processes and process list from the On-Access Low-Risk Processes policy?
Also, even when I changed this option:
I still see "configure one scanning policy for all processes" on agent level
Sure: applied to the server (not workstation), assigned to correct server, wake-up agent with "Force complete policy and task update"
If I change this option:
on the agent directly I see processes from my Low-Risk policy.
However then I don't see my exclusions under Default Processes -> Exclusions
Asking the obvious question here, but have you assigned your On-Access Default Processes policy to your server that is configured to use High & Low Risk policies? The OAS High & Low Risk policies are redundant if you haven't enforced the use of them via the Default Processes policy.
Yes, on-access default processes policy and on-access low-risk processes policy are assigned to the server, rest is inherited from the pattern folder