tnjman
Level 7
Message 11 of 19

Re: Exclusions for servers question

One thing I have yet to see definitively explained: Is there any difference in "file exclusion" vs. "process exclusion"?

If not, why have both?

One person, on another link, indicated he prefers "process exclusion," as it is 'more efficient.'

BUT, the main point is that "file" vs. "process" exclusion would, by common sense, seem to be two completely different things!

Can anyone confirm, and please point to an official McAfee source?

i.e., if I exclude 'mad.exe' as a 'process' - then I would think that I am including 'process execution,' linkage points, process starting/stopping vs. 'file exclusions,' which are simply excluding files and folders from being scanned. So, does 'real-time' scanning have a difference regarding 'process exclusions' than 'file/folder exclusions' - and are they two different animals?

This would seem to be an INCREDIBLY HUGE point to make, for McAfee, Microsoft, etc.; to clarify if there are differences between the 2 methods; and the significance of those differences.

Such clarification affects the entire "AV exclusion" strategy.

Thanks in advance for any information and/or experience you may have regarding this question!

tnjman.

Rixter
Level 7
Message 12 of 19

Re: Exclusions for servers question

What about the C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\ folder? We get a lot of OAS time outs scanning various .XML or .MCS files in those folders.

Re: Exclusions for servers question

Setting the exclusions in the On-Access Default Processes Policies was pretty straightforward with ePO 4.5. Just export the policy as an XML document, modify it to add new exclusions for Workstations or Servers, then import it back.

What I can't see is whether those exclusions have been applied or not. Looking at the Exclusions tab of the All Processes settings for the On-Access Scan Properties from the VirusScan Console, it shows an empty list.

Is this supposed to show exclusions set in ePO? If not, how do we confirm the exclusions defined in the Global policy are being applied to servers and workstations?

Re: Exclusions for servers question

All exclusions set in ePO are shown on the client, so it seems that the exclusions are not applied to the servers and workstations.

McAfee Employee JoeBidgood
McAfee Employee
Message 15 of 19

Re: Exclusions for servers question

TokyoBrit wrote:

Setting the exclusions in the On-Access Default Processes Policies was pretty straightforward with ePO 4.5. Just export the policy as an XML document, modify it to add new exclusions for Workstations or Servers, then import it back.

I'm curious why you did it this way rather than adding the exclusion via the GUI? Your approach should work but it's not really the intended use of the function...

Thanks -

Joe

Re: Exclusions for servers question

It seems that default exclusions were not included when I upgraded from ePO 3.6.1 to 4.5, so I had to add all the ones for both Windows servers and desktops. Manually adding one exclusion at a time is far too much work, so I used the "bulk" workaround.

To see what I mean, start ePO 4.5, go to Menu > Policy > Policy Catalog, duplicate the McAfee Default (mine is named My Default), Edit Settings, Settings for Server, click Exclusions, click Add..., and on the Add/Edit Exclusion Item pop-up, the By pattern choice is a single line text box.

Even if you could somehow add multiple exclusions (by using space? colon? semi-colon?), the text box isn't large enough to see what you are adding.

But my main point is that with "Overwrite client exclusions. Only exclude items specified in this policy." checked, there is no way to know from the VirusScan Console what exclusions have been applied.

McAfee Employee JoeBidgood
McAfee Employee
Message 17 of 19

Re: Exclusions for servers question

Okay, a bit unusual. There aren't any default exclusions in 8.7, as far as I know, so I'm assuming that you mean it didn't correctly migrate your exclusions from 361 to 4.5? Either way that's a bit academic at the moment, as the interesting bit is this:

But my main point is that with "Overwrite client exclusions. Only exclude items specified in this policy." checked, there is no way to know from the VirusScan Console what exclusions have been applied.

You should definitely be able to see the exclusions in the VSE console on the client machine. The "overwrite client..." option only means that any locally-configured exclusions will be removed - the exclusions configured in the policy should always be visible, though.

This means that you may have a deeper problem whereby policies are not being correctly applied. As a test, make a copy of the mcafee default policy, and manually enter an exclusion via the GUI rather than by exporting/editing/importing the policy. Assign this to one machine and see if you can see the exclusion in the local VSE console.

HTH -

Joe


Re: Exclusions for servers question

And I have to apologise for being a fool.

Obviously I didn't give VSE enough time to sync the policies, as it now shows the exclusions I defined in ePO within the VS console.

But thank you for your time and patience.

McAfee Employee JoeBidgood
McAfee Employee
Message 19 of 19

Re: Exclusions for servers question

No problem - glad it's behaving itself now

Regards -

Joe
