cancel
Showing results for 
Search instead for 
Did you mean: 
stngr
Level 7
Report Inappropriate Content
Message 1 of 7

Exclude running processes from scanning - ePO 4.6.6

Hello All,

It might be a basic question, but I have to exclude some running processes from scanning.

I was looking for any solid info about it, but no luck

What i did:
I have assigned pathes and file names in policy assigned under: On-Access Default Processes Policies

(using path format: c:\blablabla\bla.exe and just the process name: bla.exe)

1.jpg

Is this enough to have running processes excluded?

I've read that to exclude processes they need to be assigned under "On-Access Low-Risk Processes Policies", so I did:

2.jpg

Policies are assigned to proper servers/groups:

3.jpg

but it desnt work as it should: I dont see excluded processes from ""On-Access Low-Risk Processes Policies", or I dont pathes excluded "On-Access Default Processes Policies"

What am I doing wrong?

McAfee software on the infrastructure

ePO ver 4.6.6

VirusScan Enterprose 8.8.0


6 Replies

Re: Exclude running processes from scanning - ePO 4.6.6

Hi stngr, on the On-Access Default Processes policy you have to check the box saying that you will use different policies for low and high risk.

Then, on the On-Access Low-Risk Processes policy you have to uncheck all boxes under the Scan Items tab.

stngr
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Exclude running processes from scanning - ePO 4.6.6

Thanks @Laszlo, so this way I'd have path exclusions from On-Access Default Processes and process list from the On-Access Low-Risk Processes policy?

Also, even when I changed this option:
1.jpg
I still see "configure one scanning policy for all processes" on agent level

Highlighted

Re: Exclude running processes from scanning - ePO 4.6.6

Are you sure this is the policy being applied on the server? Have you sent a wake-up agent call before checking if it has been applied locally?

stngr
Level 7
Report Inappropriate Content
Message 5 of 7

Re: Exclude running processes from scanning - ePO 4.6.6

Sure: applied to the server (not workstation), assigned to correct server, wake-up agent with "Force complete policy and task update"

If I change this option:

1.jpg

on the agent directly I see processes from my Low-Risk policy.
2.jpg

However then I don't see my exclusions under Default Processes -> Exclusions

Re: Exclude running processes from scanning - ePO 4.6.6

Asking the obvious question here, but have you assigned your On-Access Default Processes policy to your server that is configured to use High & Low Risk policies? The OAS High & Low Risk policies are redundant if you haven't enforced the use of them via the Default Processes policy.


Regards,

Mick

stngr
Level 7
Report Inappropriate Content
Message 7 of 7

Re: Exclude running processes from scanning - ePO 4.6.6

Yes, on-access default processes policy and on-access low-risk processes policy are assigned to the server, rest is inherited from the pattern folder

3.jpg

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community