1 Reply Latest reply on Nov 12, 2013 3:42 PM by pbossman

    Report local and policy On-Access Exclusion List

    pbossman

      Is there a way to export a list of the On-Access Exclusions for a workstation?

      Also, is there a way to distinguish between locally assigned exclusions in addition to the ones assigned through policy?

        • 1. Re: Report local and policy On-Access Exclusion List
          pbossman

          The answer is yes.

          Here is the PowerShell script I wrote to accomplish this.

          Exclusion Detail will say DEFAULT for Local settings.

           

          <#
              .SYNOPSIS
                  This PowerShell script will output all the McAfee AV Exclusions

              .DESCRIPTION
                  The Script will query the computer's registry to pull out the list of exclusions.
                  It will also parse the values, and report the type and details of the exclusion.

              .PARAMETER AsString
                  Outputs the objects as a single String

              .EXAMPLE
                  Get-AVExclusions -ComputerName CITRIX3201

                  ComputerName  ExclusionType  ExclusionDetail     ExclusionPath
                  ------------  -------------  ---------------     -------------
                  CITRIX3201    File           Include SubFolders  **\Program Files\SBHF121\
                  CITRIX3201    File           NO SubFolders       c:\*.asax
                  CITRIX3201    File           NO SubFolders       c:\*.config
                  CITRIX3201    File           NO SubFolders       C:\3mhis\cgs\client\
                  CITRIX3201    File           Include SubFolders  C:\AMSSW
                  CITRIX3201    File           Include SubFolders  C:\app\
                  CITRIX3201    File           Include SubFolders  C:\CiscoWorks\
                  CITRIX3201    File           Include SubFolders  C:\Documents and Settings\All User...

                  Description
                  -----------
                  This will get a listing of all the AV Exclusions for the specified computer

              .EXAMPLE
                  Get-AVExclusions

                  ComputerName  ExclusionType  ExclusionDetail     ExclusionPath
                  ------------  -------------  ---------------     -------------
                  Localhost     File           NO SubFolders       **\*.awp
                  Localhost     File           NO SubFolders       **\*.btr
                  Localhost     File           NO SubFolders       **\*.xa
                  Localhost     File           Include SubFolders  **\Application Data\McAfee\Common ...
                  Localhost     File           Include SubFolders  \AMSSW\
                  Localhost     File           Include SubFolders  \Axeda\
                  Localhost     File           Include SubFolders  \Intersystems\
                  Localhost     File           Include SubFolders  \NEXES\
                  Localhost     File           Include SubFolders  \Oncentra Software\
                  Localhost     File           Include SubFolders  \Ora10g\
                  Localhost     File           NO SubFolders       \Patient to Directory Cross-refere...
                  Localhost     File           Include SubFolders  \ProgamData\Nuance\

                  Description
                  -----------
                  This will get a listing of all the AV Exclusions for the local computer
          #>

          Function Get-AVExclusions {
              [CmdletBinding()]
              param (
                  [parameter( Position = 0,
                      ValueFromPipeline=$true,
                      ValueFromPipelineByPropertyName=$true) ]
                  [String[]]$ComputerName = "Localhost",

                  [parameter()]
                  [Switch]$AsString
              )

              BEGIN {
                  # Collects one output object per exclusion across all computers
                  $Coll = @()
              }

              PROCESS {
                  # $ComputerName is an array, so handle each name separately
                  foreach ( $Computer in $ComputerName ) {
                      if ( -not (Test-Connection -ComputerName $Computer -Quiet -Count 1 -ErrorAction SilentlyContinue) ) {
                          Write-Warning "$Computer did not respond to ping, skipping"
                          continue
                      }

                      # First guess at 64-bit OS from WMI; the registry check below has the final say
                      if ( $(Get-WmiObject -ComputerName $Computer Win32_Processor | select description) -match "x86" ) {
                          $64Bit = ""
                          Write-Verbose "WMI: Win32_Processor says 32-Bit"
                      } else {
                          $64Bit = "Wow6432Node\\"
                          Write-Verbose "WMI: Win32_Processor says 64-Bit"
                      }

                      Write-Verbose "Connecting to Registry"
                      if ( $Computer -eq "localhost" ) {
                          $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', "")
                      }
                      else {
                          $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
                      }

                      # check for 64-bit OS
                      if ( $reg.OpenSubKey("SOFTWARE\\Wow6432Node\\McAfee") ) {
                          $64Bit = "Wow6432Node\\"
                          Write-Verbose "REGISTRY: SOFTWARE Key says 64-Bit"
                      } else {
                          Write-Verbose "REGISTRY: SOFTWARE Key says 32-Bit"
                          $64Bit = ""
                      }

                      Write-Verbose "Get Exclusions Keys from Registry"
                      $regKey = $reg.OpenSubKey("SOFTWARE\\" + $64Bit + "McAfee\\SystemCore\\VSCore\\On Access Scanner\\McShield\\Configuration\\Default")
                      if ( -not $regKey ) {
                          Write-Verbose "SystemCore key NOT found, trying the VSCore key"
                          $regKey = $reg.OpenSubKey("SOFTWARE\\" + $64Bit + "McAfee\\VSCore\\On Access Scanner\\McShield\\Configuration\\Default")
                      }
                      if ( -not $regKey ) {
                          # Neither key exists, so there is nothing to read on this computer
                          Write-Warning "No On Access Scanner configuration key found on $Computer"
                          continue
                      }
                      Write-Verbose "Found RegKey with $($regKey.ValueCount) values"

                      Write-Verbose "Iterate through all values"
                      foreach ( $key in $regKey.GetValueNames() ) {
                          # Only work with Exclusions
                          if ( $key -match "^Exclude" ) {
                              # Parse the value into its parts
                              #    example: 3|15|E:\ECTRLTEST
                              $exclusion = $regKey.GetValue($key).Split("|")

                              # Build the parts of the output object
                              switch ( $exclusion[0] ) {
                                  "0" { $exType = "Last Modified" }
                                  "3" { $exType = "File" }
                                  "4" { $exType = "File Type" }
                                  # Without a default, an unlisted code would reuse the previous value
                                  default { $exType = "Unknown" }
                              }
                              switch ( $exclusion[1] ) {
                                  "15" { $exDetail = "Include SubFolders" }
                                  "11" { $exDetail = "NO SubFolders" }
                                  "3" { $exDetail = "Read/Write" }
                                  "2" { $exDetail = "Read ONLY" }
                                  "1" { $exDetail = "Write ONLY" }
                                  default { $exDetail = "DEFAULT" }
                              }
                              $exPath = $exclusion[2]

                              $myData = @{
                                  'ComputerName'="$Computer";
                                  'ExclusionType'=$exType;
                                  'ExclusionDetail'=$exDetail;
                                  'ExclusionPath'=$exPath
                              }

                              Write-Verbose "Create an object to OUTPUT to the PipeLine"
                              $obj = New-Object -TypeName PSObject -Property $myData
                              $Coll += $obj
                          }
                      }
                  }
              }

              END {
                  #  Clean up OUTPUT object
                  $obj = $NULL
                  If ($AsString) {
                      Write-Verbose "Output all the exclusions as a Formatted String"
                      $Coll | Select ComputerName, ExclusionType, ExclusionDetail, ExclusionPath |
                          Sort ComputerName, ExclusionPath | Format-Table -AutoSize | Out-String
                  } else {
                      $Coll | Select ComputerName, ExclusionType, ExclusionDetail, ExclusionPath |
                          Sort ComputerName, ExclusionPath
                  }
              }
          }

           

          Message was edited by: pbossman on 11/12/13 3:40:39 PM CST

           

          Message was edited by: pbossman on 11/12/13 3:42:23 PM CST
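
Added example, not part of pbossman's post or script: one way to turn the objects that Get-AVExclusions returns into an exported report that separates local from policy exclusions, using the rule stated in the reply (ExclusionDetail of DEFAULT marks a local setting). The helper name Add-ExclusionSource, the host names, the paths and the CSV location are assumptions made for illustration; the sample rows are constructed so the block runs without McAfee installed.

```powershell
# Constructed sample rows shaped like Get-AVExclusions output (not real data).
# On a live system use:  $report = Get-AVExclusions -ComputerName <name>
$report = @(
    [pscustomobject]@{ ComputerName = 'WS-EXAMPLE-01'; ExclusionType = 'File'; ExclusionDetail = 'Include SubFolders'; ExclusionPath = 'C:\ExampleApp\' }
    [pscustomobject]@{ ComputerName = 'WS-EXAMPLE-01'; ExclusionType = 'File'; ExclusionDetail = 'NO SubFolders'; ExclusionPath = '**\*.example' }
    [pscustomobject]@{ ComputerName = 'WS-EXAMPLE-01'; ExclusionType = 'File'; ExclusionDetail = 'DEFAULT'; ExclusionPath = 'C:\LocalOnly\' }
    [pscustomobject]@{ ComputerName = 'WS-EXAMPLE-02'; ExclusionType = 'File'; ExclusionDetail = 'Include SubFolders'; ExclusionPath = 'C:\ExampleApp\' }
)

# Hypothetical helper: adds a Source column using the rule stated in the post
# (ExclusionDetail of DEFAULT means the exclusion is a local setting).
function Add-ExclusionSource {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Exclusion
    )
    process {
        $Exclusion | Select-Object ComputerName, ExclusionType, ExclusionDetail, ExclusionPath,
            @{ Name = 'Source'; Expression = {
                if ($_.ExclusionDetail -eq 'DEFAULT') { 'Local' } else { 'Policy' } } }
    }
}

$tagged = $report | Add-ExclusionSource

# 1. Export the full list, one row per exclusion
$csvPath = Join-Path $env:TEMP 'av-exclusions.csv'
$tagged | Sort-Object ComputerName, Source, ExclusionPath |
    Export-Csv -Path $csvPath -NoTypeInformation

# 2. Count local vs. policy exclusions per computer
$tagged | Group-Object ComputerName, Source -NoElement |
    Sort-Object Name | Format-Table Name, Count -AutoSize

# 3. List only the locally assigned exclusions for review
$tagged | Where-Object { $_.Source -eq 'Local' } |
    Format-Table ComputerName, ExclusionPath -AutoSize
```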