4 Replies Latest reply on Sep 18, 2009 7:11 AM by MilleRJ

    Exclusions in ePO regarding On Access Scanner

      I am currently configuring my ePO with exclusions for different server types. I am also trying to avoid too many policies in my ePO server. But as I am struggling with this configuration I am suffering from non-standard servers and installations...

      On some servers the files I am trying to exclude lie on C:, on other servers D:. What is best practice:

      1. Make a profile per server that matches each server perfectly
      2. Make a general profile with exclusions that matches every server in my server group
        • 1. RE: Exclusions in ePO regarding On Access Scanner
          The fewer policies you have, the easier to manage, and therefore less likely to go wrong :)

          All things being equal, I would set up two groups, and set the policies at the group level.

          Let's say you want to exclude either C:\FOOBAR or D:\FOOBAR depending on which Drive FOOBAR is installed...

          + GROUP-C-FOOBAR <-- apply the policy exclusion here
          | + Server A
          | + Server B
          + GROUP-D-FOOBAR <-- apply the policy exclusion here
          | + Server C
          | + Server D

          Of course - if it really IS as simple as I've shown above, then you can also set a policy at the top level excluding **\FOOBAR\ - which will exclude foobar irrespective of which drive it is on, or how far down the path it is...
          • 2. RE: Exclusions in ePO regarding On Access Scanner
            Now the reality is not that simple...

            For example:
            Server 1: MSSQL, IIS
            Server 2: DC, WINS, DNS, DHCP, RIS, IIS
            Server 3: Oracle, IIS
            Server 4: IIS
            Server 5: exchange, IIS
            and so on...

            I am trying to set exclusions based on the applications on the server. And the applications/services are scattered in many different combinations. I don't have x servers running IIS and y servers running Oracle. It is all mixed up...

            I should need policies that aggregate/are cumulative (I think that is the English word for it). In other words, several policies on one server, if you understand...
            • 3. RE: Exclusions in ePO regarding On Access Scanner
              Yeah, this is a feature that ePO/VSE is missing alright that would be pretty handy.

              It would be great to define a primary VSE policy - say Global_Default which excludes things like pagefile.sys and other standards, then a sub policy called IIS, then another one called Oracle, etc . . .

              Then you could apply a series of policies based on tags - so everything would get Global_Default, the ones you have tagged as IIS servers would get the IIS policy, the ones with IIS & Oracle tag would get both extra policies, etc . . .

              As you have described above, it's almost impossible to create policies to match all the combinations of servers you have. And it's not just as simple as bunging all the exclusions into one big policy - there are reasons you might want to exclude some things for Oracle but not exclude them for IIS.

              Come on McAfee . . . lose the monolithic approach to policy creation and make it more flexible, like for the real world.

              • 4. RE: Exclusions in ePO regarding On Access Scanner
                I agree a more flexible approach would be welcome...but with what we've got today, you have a couple of options, ShootKing

                a) Have the one generic policy that covers all bases - using the '**' wildcard
                e.g. Exclude **\Oracle\ & **\Exchange\
                It will exclude the items on each server IF THEY ARE INSTALLED/THERE.....

                b) Have specific exclusions for each combination of software

                ..but you already knew that :)

                Perhaps if you work out your individual exclusions you can see where a minor change to the exclusions can be used to reduce the number of groups - e.g. all mail servers in one group, all infrastructure in another, etc. This half-way-house may not be ideal, but may give you the right level of protection across the right servers...

                Good Luck
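
Added example, not part of the original thread: before adopting the single generic policy from replies 1 and 4, it helps to check which paths a `**\Name\` exclusion covers on each server beyond the application's own install directory. The sketch below assumes `**` matches any characters including backslashes (as reply 1 describes), `*` and `?` stay within one path component, and matching is case-insensitive; the server inventory and expected directories are constructed sample data.

```python
import re

# Assumed wildcard semantics: '**' crosses backslashes, '*' and '?' do not.
TOKENS = {"**": ".*", "*": r"[^\\]*", "?": r"[^\\]"}

def exclusion_to_regex(pattern):
    """Translate an exclusion pattern into a case-insensitive regex."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    body = "".join(TOKENS.get(p, re.escape(p)) for p in parts)
    # A pattern ending in a backslash names a folder, so cover everything below it.
    tail = ".*" if pattern.endswith("\\") else ""
    return re.compile(body + tail, re.IGNORECASE)

def audit(exclusions, inventory, expected):
    """Return {server: [paths]} that are excluded from scanning but do not
    sit under one of that server's expected application directories."""
    rules = [exclusion_to_regex(p) for p in exclusions]
    findings = {}
    for server, paths in inventory.items():
        roots = [r.lower() for r in expected.get(server, [])]
        extra = [p for p in paths
                 if any(rule.fullmatch(p) for rule in rules)
                 and not any(p.lower().startswith(root) for root in roots)]
        if extra:
            findings[server] = extra
    return findings

# Constructed sample data: the generic policy from option (a) in reply 4.
EXCLUSIONS = ["**\\Oracle\\", "**\\Exchange\\"]
INVENTORY = {
    "Server 3": ["D:\\Oracle\\oradata\\db01.dbf",
                 "C:\\Temp\\Oracle\\setup.exe",
                 "C:\\inetpub\\wwwroot\\index.htm"],
    "Server 4": ["C:\\inetpub\\wwwroot\\default.htm"],
    "Server 5": ["C:\\Program Files\\Exchange\\mdbdata\\priv1.edb",
                 "D:\\Shares\\Exchange\\notes.doc"],
}
EXPECTED = {"Server 3": ["D:\\Oracle\\"],
            "Server 5": ["C:\\Program Files\\Exchange\\"]}

if __name__ == "__main__":
    for server, paths in audit(EXCLUSIONS, INVENTORY, EXPECTED).items():
        print(server, "unscanned outside expected directories:", paths)
```

Any path it reports is a same-named folder that the generic policy leaves unscanned, which is the trade-off to weigh against keeping per-group exclusions.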