4 Replies Latest reply on Feb 11, 2011 11:58 AM by clbarnett

    How to exclude URL from On-Access Scan

      Hi,

      I have installed SAP Business Objects XI 3.1 SP3. for connecting this application through web with below URLs.

       

      http://ServernameXXX:8080/CmcApp/logon.faces

       

      http://ServernameXXX:8080/InfoViewApp/logon.jsp

       

      opening, connecting, and working was very slow, same test i did by disabling On Access scan application running like any thing. we can find huge difference in performence.

       

      i have istalled HotFix, but still no use.

      https://kc.mcafee.com/corporate/index?page=content&id=KB65382

       

      can some please help me how to exclude URL from this...

       

      MacAfee Version:- 8.5.0i

       

       

      Thanks,

      Srinivas

        • 1. Re: How to exclude URL from On-Access Scan

          You don't actually exclude a URL from scanning.  On-access scanning works by scanning files as they are accessed.  What you need to do is find out what files get accessed on the machine when the URLs are accessed, and then exclude these files.

           

          First step is to contact your application vendor support and ask for their recommendations for anti-virus configuration.  If they have a documented recommendation of what files to exclude, follow their recommendation.

           

          Assuming this is a java-based web app, next step is to consider upgrading to VSE 8.8.  It will cache files that have been scanned and not rescan them if they are accessed again. You'll still take a performance hit when first loading the web app, but then performance should improve until DATs are updated.  This may be a good compromise between security and performance.

           

          Otherwise, welcome to the world of tuning your anti-virus. Check your on-access scan log (usually in c:\documents and settings\all users\application data\mcafee\desktopprotection or something similar).  Scroll towards the bottom of the log and look for 'scan timed out' entries.  Those items that aren't being scanned because they're timing out should probably be excluded. (No point in taking the performance hit of trying to scan them if they're going to time out and not get scanned anyways).   A log entry will look something like this:

           

          2/9/2011 10:45:53 PM Not scanned  (scan timed out)  NT AUTHORITY\SYSTEM C:\Program Files\Common Files\IBM\icc\cimom\bin\wmippa.exe C:\Program Files\IBM\Director\cimom\logs\SmartInterface.log

          Make sure when you read the log, you realize the first path and file name is the process that's accessing the file.  Don't exclude this from scanning; it's not being scanned.  It's the process that is causing McAfee to scan the second file.  So, in the above example, there's a process wmippa.exe that's running and accessing the file SmartInterface.log.  You can use the process information to set up different profiles for low- and high-risk processes; for more information on how to do that read the administrators guide.

           

           

          Sometimes things are slow but not actually causing timeout errors in the log.  Here's what I do to determine the best exclusions when performance is impacted by on-access scanning. Hopefully you have a blue vshield icon in your system tray.  Double-click on this icon and it should bring up 'On-Access Scan Statistics'.  In this box, look for a line 'Last File Scanned'.  While this is open, open your browser and go to the URL.  As the browser is accessing that URL, it's probably loading a java app (which are notoriously slow).

           

           

          The 'last file scanned' will not show every file as it's being scanned, but you should get a good idea of what files are being scanned as the java app is being loaded.  Hopefully you can determine a location (or locations) that are heavily scanned during application launch or use and then exclude those locations.  For example, you may determine that need to exclude the following files:

          %USERPROFILE%\Application Data\Sun\Java
          %SYSTEMROOT%\Sun\Java

           

          Be sure to carefully weigh the security implications of excluding files from scanning vs the performance gain.  Java is a common target for malware these days (probably because malware writers are aware that lazy admins often exclude too much java stuff because people complain about how slow java apps are when they are being scanned by av).  If possible, when writing the exclusion, exclude files on read but don't exclude on write.

          1 of 1 people found this helpful
          • 2. Re: How to exclude URL from On-Access Scan

            HI,

             

            Kindly check if the script scan is enable on On-Access scan, If it is enable exclude the URL from Script scan.

             

            Kindly find the below McAfee KB for white list the URL from scanning,

             

            https://kc.mcafee.com/corporate/index?page=content&id=KB65382

             

             

            Nagu

            • 3. Re: How to exclude URL from On-Access Scan

              Hi Thanks, for your quick reply..

               

              I tested the steps and i found while opening the above two urls' , files under the below folder is using. now i want to exclude the below folder from scan.

               

              E:\Program Files\Business Objects\Tomcat55

               

              Please help me how to implement.

               

              I am using MacAfee 8.5.0i

               

              Thanks,

              Srinivas

              • 4. Re: How to exclude URL from On-Access Scan

                Steps are different depending on whether you're using ePO or not and how you have the software configured.  I'll assume no ePO in a default installation.

                Run the VirusScan Console

                Click on On-Access Scanner

                Click on All Processes

                Click on Detection

                Click on Exclusions

                Click Add

                Enter the path you wish to exclude (you probably want to check the box 'Also Exclude Subfolders'.

                Click ok

                Click Apply, OK.

                 

                Here's the master article for VSE Exclusions and links to further information:

                https://kc.mcafee.com/corporate/index?page=content&id=KB66909