5 Replies Latest reply on Sep 21, 2011 9:20 AM by msimard

    Exclude directories/sub-directories from on-access scanning

    chall

      Greetings,

       

      We are running ePolicy Orchestrator 4.0 and are trying to exclude dirs/sub-dirs from on-access scanning. In Systems, I go to Policies => Product:VirusScan Enterprise 8.5.0. I looked in on-access default processes policies and on-access general policies and I do see the option for 'Exclusions', but it only gives the option to exclude by file type, age, pattern...

       

      Is there another place I should be looking?

       

       

       

      Thanks,

      C

        • 1. Re: Exclude directories/sub-directories from on-access scanning
          jmcleish

          Put the folders in the pattern area.

           

          Info below on using wildcards

          HTH

           

          Corporate KnowledgeBase

           

          How to use wildcards with exclusions in McAfee VirusScan Enterprise 8.x

           

           

                                                  
          Corporate KnowledgeBase ID:  KB54812
          Published:  July 22, 2008
           

           

          Environment

               
          McAfee VirusScan Enterprise (All supported versions)

          Summary

               
          How to use wildcards when creating exclusions with McAfee VirusScan Enterprise.
           
                                                                                                                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                           

          Solution  1

               

                      How to use wildcards when creating exclusions with McAfee VirusScan Enterprise        

                 
          When excluding all files of a particular extension, use the option to exclude files by Type and specify the desired extension.
                                                                                                                                                                                                                                       

          Solution  2

               

          Wildcards (**,*, ?) are helpful in creating exclusions for VirusScan Enterprise (VSE), but certain rules apply (see examples below):

                 
          •                
            Exclude the Favorites folder for all users:
                               
                                                        C:\Documents and Settings\*\Favorites\
                                       
                                   
                               
                           
                       
          •                
            Exclude any folder named Favorites on drive C:
                               
                                                        C:\**\Favorites\
                                       
                                   
                               
                           
                       
          •                

            Exclude the Temp folder in any location, on any drive.

                           

                                **\Temp\**                

                           

            In this example the following directories would be excluded:

                           
                               

            C:\temp                    

                               

            D:\windows\temp                    

                               

            c:\documents and settings\Administrator\Local Settings\temp                    

                           
                       
          •                
            Exclude any file with a .tmp extension in a folder named Temp anywhere on the system:
                               
                                                        **\Temp\*.tmp
                                       
                                   
                               
                           
                       
          •                
            Exclude any file with a .html extension anywhere on the system:
                               
                                                        **\*.html
                                       
                                   
                               
                           
                       
          •                
            Exclude all files named inifileX (where X is any valid character for a filename) within any folder name beginning with Temp under C:\Windows:
                               
                                                        C:\Windows\Temp*\inifile?.*\
                                       
                                   
                               
                           
                       
          •                
            Exclude all files with the tmp extension (*.tmp) in any folder on a specific drive:
                               
                                <drive:>\**\*.tmp
                               
                               
                           
                           
            In this example any *.tmp files on the D: drive will be excluded:
                       
                 
                     
                         
                             
                                  D:\**\*.tmp                        
                                 
                                 
                             
                         
                     
                 
                 

                                      IMPORTANT:             Do not select Include Subfolders when excluding a file, as this will produce incorrect results.

                 
          For additional information and examples, review the VirusScan Enterprise 8.x Product Guide.
                                                                                                                     
                                                                                                                                                                                                                                                                                                                                    
          • 2. Re: Exclude directories/sub-directories from on-access scanning

            Tried to exclude extensions in a folder and subfolder.

                c:\Program files\Test Application\*.tst - Including subfolders ticked.

            The c:\Program files\Test Application\test folder\test1.tst was scanned.

             

            Have now created both the below to eliviate to problem.

               c:\Program files\Test Application\*.tst - Including subfolders ticked.

                 c:\Program files\Test Application\**\*.tst

            Will see if it works.

            • 3. Re: Exclude directories/sub-directories from on-access scanning
              jalg56

              Good morning,

               

              We're running ePo 4.5 (VirusScan 8.7)

               

              Just a question about exclusion elements, i would like to exclude a specific directory using system variable such as:

               

              %userprofile%\Application Data\Alt-N\Outlook Connector 2.0\Accounts\Outlook  (for xp users)

               

              and

               

              %userprofile%\appData\Roaming\Alt-N\Outlook Connector 2.0\Accounts\OutlookConnector (for vista users)

               

              Is it possible ??

               

              Thanks a lot

               

              Jalg56

              • 4. Re: Exclude directories/sub-directories from on-access scanning

                Hello Jalg56,

                 

                Afaik, the %UserProfile% variable cannot be used as an exclusion for the logged on user. This environment variable is set for the User, and OAS runs under the LocalSystem account and can only see the system environment variables.

                 

                I'd create an exclusion like below according to your example:

                 

                **\Alt-N\Outlook Connector 2.0\Accounts\Outlook*\

                 

                Hope this helps.


                Regards,
                Bruno

                 

                 

                • 5. Re: Exclude directories/sub-directories from on-access scanning
                  msimard

                  But are system variable works ? the %windir% ? %systemroot% ? Those two are specify in exclusion for server a lot, so it would be nice to be supported.

                   

                   

                  thanks...