cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
shootking
shootking
Level 7
Report Inappropriate Content
Message 1 of 5
‎09-17-2009 11:07 PM

Exclusuions in ePO regarding On Acess Scanner

I am currently configuring my ePO with exclusions for different server types. I am also trying to avoid to many policies in my ePO server. But as I am struggling with this configuration I am suffering from non-standard server and installations...

On some servers the files I am trying to exclude lies on C:, on other servers D:. What is best practise:

1. Make an profile per server that matches each server perfect
2. Make an general profile with exclusions that matches every server in my server group
0 Kudos
Reply
4 Replies
Highlighted
MilleRJ
MilleRJ
Level 7
Report Inappropriate Content
Message 2 of 5
‎09-18-2009 03:46 AM

RE: Exclusuions in ePO regarding On Acess Scanner

The fewer policies you have, the easier to manage, and therefore less likely to go wrong 🙂

All things being equal, I would set up two groups, and set the policies at the group level.

Let's say you want to exclude either C:\FOOBAR or D:\FOOBAR depending on which Drive FOOBAR is installed...

SERVERS
+ GROUP-C-FOOBAR <-- apply the policy exclusion here
| + Server A
| + Server B
+ GROUP-D-FOOBAR <-- apply the policy exclusion here
| + Server C
| + Server D

Of course - if it really IS as simple as I've shown above, then you can also set a policy at the top level excluding **\FOOBAR\ - which will exclude foobar irrespective of which drive it is on, or how far down the path it is...
0 Kudos
Reply
shootking
shootking
Level 7
Report Inappropriate Content
Message 3 of 5
‎09-18-2009 03:55 AM

RE: Exclusuions in ePO regarding On Acess Scanner

Now the reality is not that simple...

For example:
Server 1: MSSQL, IIS
Server 2: DC, WINS, DNS, DHCP, RIS, IIS
Server 3: Oracle, IIS
Server 4: IIS
Server 5: exchange, IIS
and so on...

I am trying to set exclusions based om the applications on the server. And the application/services are scattered in many different combinations. I dont have x servers running IIS and y servers running oracle. It is all mixed up...

I should need policies that aggregates/cumulative (I think that is the english word for it). In other words, several policies on one server, if you understand...
0 Kudos
Reply
zag
zag
Level 7
Report Inappropriate Content
Message 4 of 5
‎09-18-2009 04:10 AM

RE: Exclusuions in ePO regarding On Acess Scanner

Yeah, this is a feature that ePO/VSE is missing alright that would be pretty handy.

It would be great to define a primary VSE policy - say Global_Default which excludes things like pagefile.sys and other standards, then a sub policy called IIS, then another one called Oracle, etc . . .

Then you could apply a series of policies based on tags - so everything would get Global_Default, the ones you have tagged as IIS servers would get the IIS policy, the ones with IIS & Oracle tag would get both extra policies, etc . . .

As you have described above, it's almost impossible to create policies to match all the combinations of servers you have. And it's not just as simple as bunging all the exclusions into one big policies - there are reasons you might want to exclude some things for Oracle but not exclude them for IIS.

Come on McAfee . . . lose the monolithic approach to policy creation and make it more flexible, like for the real world.

David
0 Kudos
Reply
MilleRJ
MilleRJ
Level 7
Report Inappropriate Content
Message 5 of 5
‎09-18-2009 05:11 AM

RE: Exclusuions in ePO regarding On Acess Scanner

I agree a more flexible approach would be welcome...but with what we've got today, you have a couple of options, ShootKing

a) Have the one generic policy that covers all bases - using the '**' wildcard
e.g. Exclude **\Oracle\ & **\Exchange\
It will exclude the items on each server IF THEY ARE INSTALLED/THERE.....

b) Have specific exclusions for each combination of software

..but you already knew that 🙂

Perhaps if you workout your individual exclusions you can see where a minor change to the exclusions can be used to reduce the number of groups - e.g. all mail servers in one group, all infrastructure in another, etc. This half-way-house may not be ideal, but may give you the right level of protection across the right servers...

Good Luck
0 Kudos
Reply
More McAfee Tools to Help You
  • How to Troubleshoot Install & Deployment Failures
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC