
Exclusions in ePO

Hi

Can I set up an exclusion to do a process exclusion, for argument's sake on C:\Program Files\Microsoft SQL Server\BIN\SQLSERVR.EXE; then that EXE can read/write whatever it wants and AV will ignore that IO?

5 Replies

Re: Exclusions in ePO

You can do it through the VirusScan policy (see attached file), and read here for how to use wildcards: https://kc.mcafee.com/corporate/index?page=content&id=KB54812

Re: Exclusions in ePO

Thanks again, but that is not what I am after. That is really basic and I have many, many exclusions already configured. What I am after, however, is eliminating the inputs and outputs of an application as well. It could be that the app (exe) is writing to many files and reading from many sources.

For example, I could have a DTS package reading from a txt file, another from an Oracle database and another from an Excel document; those are what I am wanting to exclude. The thing is, I have no idea where the input would be coming from or where the output would be going. I do understand that the output would most likely go into an MDF and LDF file, but the content could also be transferred to another system like Hyperion. Hence I am looking at rather excluding the physical process from being scanned; that is what I am wanting to know.

Re: Exclusions in ePO

Hi Warlock, I think you can consider HIPS, which can do something like what you are talking about. It can ignore some processes so the process can do anything without being prevented.

Re: Exclusions in ePO

I have found something under Policies under Systems where you can specify the actual process executable. Not sure what that is going to do, but the heading looks to be heading in the correct direction: "Specify processes that have a higher risk of introducing or spreading potential threats"

What do you think? You will still have to do the exclusion of the output and the input. The question now is:

What impact does this have on system performance in terms of processor utilisation of, for argument's sake, entering SQLSRVR.EXE in there and it starts processing a virus? In addition to this, what would it do? Shut the process down, or what?

Re: Exclusions in ePO

Hi Warlock, you can see the description of High and Low Risk, then decide your direction. Decide which processes are low-risk and high-risk:
- Low-risk processes typically have a lower possibility of spreading or introducing a virus. These can be processes that access a lot of files, but do so in a way that has a lower risk of spreading viruses. For example, backup applications and compiling processes.
- High-risk processes typically have a higher possibility of spreading or introducing a virus. For example, processes that launch other processes such as Microsoft Windows Explorer or the command prompt, processes that execute scripts or macros such as WINWORD or CSCRIPT, and processes used for downloading from the Internet such as browsers, instant messengers, and mail clients.

Default processes are any processes not defined as low-risk or high-risk processes.