1 Reply Latest reply on Jul 18, 2011 2:22 PM by joeleisenlipz

    Verification of files being scanned.

        Hello,

       

           I have an application vendor stating that McAfee is scanning their application files when we have an exclusion already in place. How exactly can I find if the files are being scanned by McAfee? Is there a specific file that I should be looking at? Access.log / ondemandscan.log. I need to verify that the files are not being scanned.

       

             Thanks,

        • 1. Re: Verification of files being scanned.
          joeleisenlipz

          It is generally the On-Access Scanner that people have problems with, but it could be any of the components. There is a KB50981 article that walks you through using ProcMon.exe (from the SysInternals Suite) to determine what exactly is going on.

           

          I have been in dozens of 100,000+ environments, and every time I have to introduce people to this process. It really is basic diagnostics, but few people know the ins and outs of it. Usually, this should result in adding a process to your Low-Risk Processes policy, but sometimes that isn't enough.

           

          My experience has been that people just want things to work (at any cost), and that rarely anyone cares about how to improve the heavy I/O caused by the application. Sorry, just venting a bit.

           

          Message was edited by: joeleisenlipz on 7/18/11 3:22:58 PM EDT
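
One way to check a ProcMon capture for scanner activity inside an excluded folder, added here as an example that is not part of the original thread or of KB50981. It assumes the capture was saved as CSV with ProcMon's usual columns, that the on-access scanner runs as `mcshield.exe`, and that the excluded folder is the constructed path `D:\VendorApp`; the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Assumption: image name(s) of the scanner service; adjust for the installed product.
SCANNER_PROCESSES = {"mcshield.exe"}

# Constructed sample using the column layout of a ProcMon CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"2:01:10.10 PM","app.exe","4120","ReadFile","D:\VendorApp\data\db1.dat","SUCCESS","Length: 4096"
"2:01:10.11 PM","mcshield.exe","1888","CreateFile","D:\VendorApp\data\db1.dat","SUCCESS","Desired Access: Generic Read"
"2:01:10.12 PM","mcshield.exe","1888","ReadFile","D:\VendorApp\data\db1.dat","SUCCESS","Length: 65536"
"2:01:10.13 PM","mcshield.exe","1888","ReadFile","D:\VendorApp\data\db1.dat","SUCCESS","Length: 65536"
"2:01:10.20 PM","McShield.exe","1888","ReadFile","D:\VendorApp2\other.bin","SUCCESS","Length: 65536"
"2:01:10.30 PM","mcshield.exe","1888","ReadFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Length: 824"
'''


def scanner_hits(csv_text, excluded_dir, scanners=SCANNER_PROCESSES):
    """Map each path under excluded_dir to a Counter of scanner operations on it."""
    # Trailing separator so D:\VendorApp does not also match D:\VendorApp2.
    prefix = excluded_dir.rstrip("\\").lower() + "\\"
    hits = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() not in scanners:
            continue
        if row["Path"].lower().startswith(prefix):
            hits[row["Path"]][row["Operation"]] += 1
    return hits


def load_export(path):
    # utf-8-sig strips a byte order mark from the header row if the export has one.
    with open(path, encoding="utf-8-sig", newline="") as fh:
        return fh.read()


if __name__ == "__main__":
    for path, ops in scanner_hits(SAMPLE_CSV, r"D:\VendorApp").items():
        print(path, dict(ops))
```

An empty result for a capture taken while the application was busy is evidence that the exclusion is being honored; any path listed is a file the scanner process opened despite it.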