Exclusions with system:remote

Hello dear friends,

I have a question regarding exclusions.

I have a server running VSE 8.8 Patch 2 controlled by ePO 4.6.6. We have the recommended exclusions by McAfee for Win7 and Servers.

My question is about a File Server running Windows 2008 R2, in which when users access a share, the transfer is incredibly slow to the point where it almost halts, bringing the system to its knees.

I had a look at the OnAccessScan.log to identify which processes are involved that can cause this, but in this case, I can't identify a source process.

Example:

30-08-2013          13:38:20          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File1.zip          none (Virus)

30-08-2013          13:39:07          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File2.zip          none (Virus)

30-08-2013          16:15:03          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File1.exe none (Virus) (this EXE is a compressed file which auto decompresses upon clicking).

Now, since I have in the source process "System:Remote", how do I add the exclusion for this? Or should I add the directories in matter as a low risk exclusion?

Can anyone shed a light here?

Thank you so much in advance.

McAfee ePolicy Orchestrator Admin.
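The log triage described in the post above, as an added example that is not part of the original thread: it tallies "scan timed out" rows from OnAccessScan.log by source process, file extension and path, so the file types causing the timeouts stand out. It assumes the fields are tab-separated in the order shown in the excerpt; `parse_line`, `timeout_summary` and the sample rows are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Field order as it appears in the excerpt; tab separation is an assumption.
FIELDS = ("date", "time", "action", "user", "process", "path", "detection")

def _row(*fields):
    return "\t".join(fields)

# Constructed sample: the first three rows mirror the post's excerpt, the last
# two (a non-timeout row and a truncated row) are made up to exercise the filter.
SYS, REMOTE = r"NT AUTHORITY\SYSTEM", "System:Remote"
TIMEOUT = "Not scanned  (scan timed out)"
SAMPLE_LOG = "\n".join([
    _row("30-08-2013", "13:38:20", TIMEOUT, SYS, REMOTE, r"D:\Directory\File1.zip", "none (Virus)"),
    _row("30-08-2013", "13:39:07", TIMEOUT, SYS, REMOTE, r"D:\Directory\File2.zip", "none (Virus)"),
    _row("30-08-2013", "16:15:03", TIMEOUT, SYS, REMOTE, r"D:\Directory\File1.exe", "none (Virus)"),
    _row("30-08-2013", "16:20:00", "Some other action", SYS, REMOTE, r"D:\Directory\Notes.txt", "none"),
    "30-08-2013\t16:21:00\ttruncated",
])

def parse_line(line):
    """Split one log row into named fields; return None if the shape is wrong."""
    parts = [p.strip() for p in line.rstrip("\r\n").split("\t")]
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["action"] = re.sub(r"\s+", " ", rec["action"])  # collapse column padding
    return rec

def timeout_summary(log_text):
    """Count 'scan timed out' rows per source process, extension and path."""
    by_process, by_ext, by_path = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "scan timed out" not in rec["action"].lower():
            continue
        by_process[rec["process"]] += 1
        by_ext[PureWindowsPath(rec["path"]).suffix.lower() or "(none)"] += 1
        by_path[rec["path"]] += 1
    return by_process, by_ext, by_path

if __name__ == "__main__":
    procs, exts, paths = timeout_summary(SAMPLE_LOG)
    print("by process:  ", procs.most_common())
    print("by extension:", exts.most_common())
    print("top paths:   ", paths.most_common(5))
```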



1 Solution

Accepted Solutions

Re: Exclusions with system:remote

The problem is that (probably) your zipped files are large or contain a lot of files. There's no need to try to exclude the system:remote because it makes no sense; what you could do is exclude your zipped files from the on-access scanner when reading but not when writing, this should leverage your server a bit.

4 Replies

Re: Exclusions with system:remote

So configuring the OnAccess Scanner to scan when read but not write will solve the problems when users are just accessing the directory? In this case, browsing, copying files...?

Re: Exclusions with system:remote

No, you should scan on writing and not on reading. This is because you need to scan new files and modified files, but for performance purposes you can disable scan on reading as this should leverage your systems.

In this case when a user opens a file or browses a folder the on-access scanner will do nothing but when copying or writing files then it will

Re: Exclusions with system:remote

Thank you, followed both of your advice and it's all OK now.

Cheers.
