2 Replies Latest reply on Jun 16, 2011 6:16 PM by ekrocket

    folder exclusions

      How do people handle folder/file exclusions in McAfee? For instance, I have 3 servers with their own unique folder exclusions. Should I create 3 separate policies, one for each server, or just have one global policy?

       

      I'm tempted to just use one global policy and apply it to all servers for ease of updating.


      Thoughts?

        • 1. Re: folder exclusions
          RRMX

          This is more a personal choice... the question to ask would be:

           

          Are you comfortable with the risk of there possibly being malware in one of the exclusion folders on one server or all three?

           

          It also depends on the folder... if you are planning on excluding something like %Temp then I would restrict that as much as possible (I wouldn't recommend that at all actually), even if it means making separate policies. However, if you are just excluding a folder for a program installation under C:\Program Files\Whatever Program, then I don't see it being as much of a security risk.

           

          It really depends on what you are comfortable with security-wise.

          • 2. Re: folder exclusions
            ekrocket

            RRMX is correct and I would never want to exclude the %temp% folder for ANY reason!

             

            Also, there are other ways you can go about setting exclusions. Following this link:

            https://kc.mcafee.com/corporate/index?page=content&id=KB66909&actp=search&viewlocale=en_US&searchid=1308265772198

             

            will give you a list of all exclusions for various third-party programs (Exchange, SQL, Backup Exec) and the documentation also provides the correct way to exclude files and folders.

             

            Becoming infected with a virus/fake alert/trojan is always a risk, but your VSE or backup software processes are less likely to become compromised because of the integrity of the process. Someone can't just modify frameworkservice.exe, for example.

             

            What you can do if you want to be specific is (in ePO) create policies for the servers/workstations and create specific exclusions there. Using the mentioned article will help you get in the right direction.