CDN_K3V
Level 7
Message 1 of 19

Exclusions for servers question

Hi All,

I am installing and configuring ePO 4.0 and I have read the documents on exclusions for Exchange and such.

My big question is, since our db files are on a drive other than C:, how would I go about creating exclusions for other drive letters?

For example I have the following:

\Indexes
\inetpub\mailroot
%windir%\systems32\ntds

etc....

Do I have to include the drive letter? Or will it be smart enough to know that any folder called "Indexes" will be excluded?

I am creating one exclusion list for all servers (basic Exchange and SQL servers).

Any help is appreciated!!!
18 Replies
metalhead
Level 12
Message 2 of 19

RE: Exclusions for servers question

If these are all root folders this will do it:

?:\Indexes
?:\inetpub\mailroot
?:\%windir%\systems32\ntds

Otherwise you can also do a general exclusion for all "paths" including these folders with:

**\Indexes
**\inetpub\mailroot
**\%windir%\systems32\ntds

Double stars mean "all characters including backslashes".
CDN_K3V
Level 7
Message 3 of 19

RE: Exclusions for servers question

Thanks Metalhead!
jawuk
Level 7
Message 4 of 19

RE: Exclusions for servers question

Hi Guys,

Sorry for digging up this old thread, but it is relevant to what I am doing now.

I am creating exclusions for a new bunch of servers going in doing various roles. As the detailed design is not finalised, the exclusions I add cannot have drive letters assigned, so this thread became interesting. I am though not sure that the exclusions below will work.

I believe:

?:\Indexes
?:\inetpub\mailroot
**\Indexes
**\inetpub\mailroot

will work, but I am not sure that the suggestion for the ones below will work (%windir% does not work on all systems anyway; it's best to use %systemroot%, but that is not the point I am making):

?:\%windir%\systems32\ntds
**\%windir%\systems32\ntds



My concern is that using environment variables will end up already including a drive letter, so the above would be interpreted by McAfee AV as:

?:\c:\Windows\systems32\ntds
**\c:\Windows\\systems32\ntds

Which will not have the desired effect.

This is an issue for me when adding Exchange exclusions which use the %ProgramFiles% variable, which again will include a drive letter.

So if, for example, I am wanting to add the exclusion for Address book related extensions but I didn't know where Program Files was going to be, using

%ProgramFiles%\Microsoft\Exchange Server\**\*.lzx

would NOT be sufficient if the variable was not set up correctly to the correct drive and just defaulted to c:\Program Files.

I believe I would have to use either:

**\Microsoft\Exchange Server\**\*.lzx

or

**\Program Files\Exchange Server\*\*.lzx

or

??:\Program Files\Exchange Server\*\*.lzx


Let me know your thoughts.

Regards

J

RE: Exclusions for servers question

jawuk
Level 7
Message 6 of 19

RE: Exclusions for servers question

Thanks. I had seen the first one but not the second. Interesting. Though I'm still curious about my initial questions RE: System drive letter substitution will NOT work using variables as they will already include a drive letter.

J


RE: Exclusions for servers question

Hi,

I tested using %windir% on my system here, and this worked OK for me, but I think your idea makes sense.

**\Program Files\Exchange Server\*\*.lzx would seem to be the most bullet proof option.

What did you find when testing this stuff?
dustrho
Level 7
Message 8 of 19

RE: Exclusions for servers question

No matter how many times I read about the McAfee wildcards that can be used, I'm still a bit confused as to which one to use. I'm most confused about using the right wildcard for when an application is installed either on C:\ or on D:\. For example, we have a specific application installed randomly on various drives (don't ask me why it's that way, but it's legacy crap) as such...

C:\Program Files\AppName\
D:\Program Files\AppName\

I need to know if I should be using a single asterisk (*), double asterisk (**) or a question mark (?) in the spot for the drive letter. I've inherited a lot of these rules in ePO from my predecessor, and I need to make sure the right wildcard is being used. All three of those options are used, and I know that only one should be used. I'm guessing that the following should be used, right?

**\Program Files\AppName\
jawuk
Level 7
Message 9 of 19

RE: Exclusions for servers question

Yes

or

?:\Program Files\AppName\

should also work

J

Re: RE: Exclusions for servers question

**\Program Files\AppName\

Should allow you to exclude the "AppName" directory and all sub-directories, depending on how you choose to set it up in ePO.

In ePO there is an additional option to select all subdirectories, and I believe you "must" select exclude all sub-directories for the On-Access Scanner (OAS) exclusions. I haven't seen this addressed in the McAfee ePO tutorials yet.
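
For reviewing an inherited exclusion list like the ones discussed in this thread, the following added example (not from any poster and not McAfee's matcher) models folder exclusions so each pattern can be checked against sample paths before it is deployed. It assumes `**` matches any characters including backslashes (as stated above), `*` matches any characters except a backslash, `?` matches exactly one character, and variables are expanded as plain text; the function names, `ENV` values and sample paths are constructed for illustration.

```python
import re

# Constructed environment for the example; real values differ per server.
ENV = {"windir": r"C:\Windows", "programfiles": r"C:\Program Files"}

def expand(pattern, env=ENV):
    """Substitute %NAME% with its value (assumption: plain textual expansion)."""
    return re.sub(r"%([^%\\]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), pattern)

def to_regex(pattern):
    """Assumed wildcard semantics: ** = anything including backslashes,
    * = anything except a backslash, ? = exactly one non-backslash character."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append(r"[^\\]*"); i += 1
        elif pattern[i] == "?":
            out.append(r"[^\\]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out), re.IGNORECASE)

def is_excluded(pattern, file_path, subfolders=True):
    """True if a folder exclusion covers file_path. With subfolders=False only
    the file's immediate parent folder is compared against the pattern."""
    rx = to_regex(pattern.rstrip("\\"))
    parts = file_path.split("\\")
    folders = ["\\".join(parts[:n]) for n in range(1, len(parts))]
    candidates = folders if subfolders else folders[-1:]
    return any(rx.fullmatch(f) for f in candidates)

def audit(patterns, paths):
    """Return {pattern: [paths it would leave unscanned]} for review."""
    return {p: [f for f in paths if is_excluded(expand(p), f)] for p in patterns}
```

Under these assumptions `?:\Indexes` covers only a root-level folder on any single-letter drive, while `**\Indexes` covers every folder of that name at any depth, so an audit run over representative paths shows how much each pattern leaves unscanned.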
