cancel
Showing results for 
Search instead for 
Did you mean: 

RE: Exclusions

> I think another easy way to explain the difference between high/low risk processes is that low risk
> processes get scanned one time when they enter the memory space and that's it. High risk processes are > scanned as they enter memory and again every time they access anything on the file system.

No this is not correct. The processes filename (e.g. myapp.exe) included in e.g. low-risk settings is not excluded from scanning. So when myapp.exe starts this exe will be scanned everytime it is started. But all files accessed by myapp.exe are scanned with the settings in low-risk settings. All exclusions there are only valid when myapp.exe accesses excluded files. So if myapp.exe accesses a file like data.txt and this file is not excluded via the low-risk settings it is scanned everytime it is accessed.

The same for high risk processes. So the best way is to see it as two seperated scan settings valid for the specified processes. If a process accesses a file not specified on low or high-risk settings then itself and all files accessed by this process is scanned with the default settings.

RE: Exclusions

Tom,

I thought I understood this before - but your latest post has confused nme - probably just me being thick and misunderstanding the post....

I thought that a process that was defined on the low risk policy setting and was set to not scan on read/write - then that meant that after this process has been initiaed (and scanned) all disk read/write operations are exempt from scanning irrespective from whether they are specifically excluded in the file/folder exlusions list - is this correct ?

JIm

RE: Exclusions

Hi Jim,

> all disk read/write operations are exempt from scanning irrespective from whether they are specifically
> excluded in the file/folder exlusions list - is this correct ?

Generally not. The files accessed by the specified low risk process is scanned with the low-risk settings you set. E.g. when you generally deactivate the READ scan in your low-risk settings all read operations for this process are not scanned anymore.

It would be possible, even if it makes no sense, to specify the same settings in high/low and default settings. This would lead to scanning all processes with exact the same settings.

RE: Exclusions

Hi Tom,

Thanks - (I Think) 🙂

I've obviously got a mental block when translating your posts grin because I just read what you said as agreeing with what you quoted me as saying and then disagreed with ? so what did I miss ?:D

I was trying to say that if I added a process to the low risk policy settings and turned off red/write scabnning for that low risk policy BUT had no files/folders specifically aded to the file/folder exclusion list then the effect would be that no file accesses for the specified process woukld be scanned.

Jim

RE: Exclusions

Could also be that my english is not that clear

But now you clearly spoke the truth happy

RE: Exclusions

Phew! - Glad that's sorted grin
More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community