0 Replies Latest reply on Sep 1, 2011 9:30 AM by simonadams

    "Known Issue" with 'include subfolders' tick box in Exclusions

      A while back I spent ages getting together a set of good solid exclusion policies for Notes Servers, SQL servers, Domain controllers etc.

       

      Because EPO doesn't let you use heirarchies with the policies (ie. this exlusion applies to all groups, this one just to this group), all the basic Windows exclusions had to be manually entered into each group.

       

      Recently we noticed that Notes data

       

      files were being scanned on Notes servers in exactly the location that should have been covered by the exclude.

       

      So for example the exclusion was set as;

       

      **\domino\data\*.NSF

       

      and the files being scanned (listed as timing out in the logs) included;

       

      D:\Domino\data\ddm.nsf

      D:\Domino\data\cldbdir.nsf

       

      etc

       

      So I raised a call with McAfee, and their response was that the problem was that I'd ticked the "Include Subfolders" box, and this is a known issue with VSE 8.x.

       

      When I mentioned that I'd not seen anything about this in the documentation, I was pointed here -> https://kc.mcafee.com/corporate/index?page=content&id=KB54812

       

      You see at the bottom where it suddenly says "IMPORTANT: Do not select Include Subfolders when excluding a file, as this will produce incorrect results."

       

      I have no idea whether this means you should never select the tick box, you should only use it for folders, or some other option as to when you can use it and it will not break the whole rule.

       

      So I've had to go through all entries that do need subfolders excluded, in all groups, and add \**\*.xxx

       

      So the example above becomes

       

      **\domino\data\**\*.NSF

       

      It has annoyed me that they don't explain this clearly anywhere (and have wasted my time as a result), but I thought I'd post this note as these forums tend to be far more useful than McAfee documentation (which is realiable in how poor it is).

       

      Simon