1 Reply Latest reply on Sep 23, 2010 4:56 PM by rmillersd619

    McAfee On-Access Exclusions

      I'm wanted to modify the VirusScan 8.7.0 On-Access policy to exclude certain directories. I've reviewed KB50998 on how to use single and double asterisk but i'm unclear if the following is correct:

       

      I'd like to exclude all directories that have the words "Toad for Oracle". I'm thinking this will work **\Toad for Oracle*\

       

      I'm really trying to exlcude these two directories with one exlusion  policy. I also want account for version changes. e.g. when the new  directory is Toad for Oracle 11.0

      C:\Documents and Settings\user_name\Application Data\Quest Software\Toad for Oracle

      C:\Program Files\Quest Software\Toad for Oracle 10.5

       

      Let me know if that will work

       

      Thanks

      Chad

        • 1. Re: McAfee On-Access Exclusions
          rmillersd619

          It should. We have an exclusion similar to what you're proposing but with Visual Studio and it works.  Check out KB67648 for testing to determine if Exclusions (or low risk processes) are effective.

          We've also tested the trailing backslash and despite what McAfee says it appears to work whether it is there or not (ex. **\toad for oracle* vs. **\toad for oracle*\). I put the \ in just to be diligent about it.

          The way we did this was to set the exclusion at the \quest software\ level. We may yet tighten it up.

           

          Something else to keep in mind is if you use separate on-access processes policies (high, low, default - we do) you will need to exclude the same path on the high risk process in addition to the on-access default. We found that svchost.exe (on-access default) and explorer.exe (on-access high risk) were involved in opening toad.exe. If you just use default on-access processes policies you should be fine with your exclusion in that category.

           

          Regards,

          Bob