5 Replies Latest reply on Jan 27, 2010 9:37 PM by smalldog

    Exclusions in ePO

      Hi

       

      Can I set up an exclusion to do a process exclusion, for argument's sake on C:\Program Files\Microsoft SQL Server\BIN\SQLSERVR.EXE, then that EXE can read/write whatever it wants and AV will ignore that IO?

        • 1. Re: Exclusions in ePO
          smalldog

          You can do it through the VirusScan policy (see the attached file), and read here for how to use wildcards: https://kc.mcafee.com/corporate/index?page=content&id=KB54812

          • 2. Re: Exclusions in ePO

            Thanks again, but that is not what I am after. That is really basic and I have many, many exclusions already configured. What I am after, however, is eliminating the inputs and outputs of an application as well. It could be that the app (exe) is writing to many files and reading from many sources.

             

            For example, I could have a DTS package reading from a txt file, another from an Oracle database and another from an Excel document; those are what I am wanting to exclude. The thing is, I have no idea where the input would be coming from or where the output would be going. I do understand that the output would most likely go into an MDF and LDF file, but the content could also be transferred to another system like Hyperion. Hence I am looking at excluding the physical process from being scanned instead; that is what I am wanting to know.

            • 3. Re: Exclusions in ePO
              smalldog

              Hi Warlock, I think you can consider HIPS, which can do something like what you are talking about. It can ignore some processes so the process can do anything without being prevented.

              • 4. Re: Exclusions in ePO

                I have found something under Policies under Systems where you can specify the actual process executable. Not sure what that is going to do, but the heading looks to be heading in the correct direction: "Specify processes that have a higher risk of introducing or spreading potential threats"

                 

                What do you think? You will still have to do the exclusion of the output and the input. The question now is:

                What impact does this have on system performance, in terms of processor utilisation, of, for argument's sake, entering SQLSRVR.EXE in there, and it starts processing a virus? In addition to this, what would it do? Shut the process down, or what?

                • 5. Re: Exclusions in ePO
                  smalldog

                  Hi Warlock, you can see the description of High and Low Risk, then decide your direction. Decide which processes are low-risk and high-risk:
                  - Low-risk processes typically have a lower possibility of spreading or introducing a virus. These can be processes that access a lot of files, but do so in a way that has a lower risk of spreading viruses. For example, backup applications and compiling processes.
                  - High-risk processes typically have a higher possibility of spreading or introducing a virus. For example, processes that launch other processes such as Microsoft Windows Explorer or the command prompt, processes that execute scripts or macros such as WINWORD or CSCRIPT, and processes used for downloading from the Internet such as browsers, instant messengers, and mail clients.
                  Default processes are any processes not defined as low-risk or high-risk processes.