1 Reply Latest reply on Apr 4, 2012 12:37 AM by wwarren

    Access protection: Which exceptions can we delete?

    ottawa_tech_31

      If you look at the Access protection, the processes that are allowed to modify Mcafee files and settings, there are a bunch there, and a lot are for apps that don`t even exist anymore (like the giant anti-spyware, which was bought out years ago by MS).

       

      I know Mcafee will tell us we shouldn`t mess with the ones they include by default, but i`m also a believer that if we don`t need an exception, then it shouldn`t be there...

       

       

      On a similar note, instead of having a KB article describe the recommended exceptions for SQL server, domain controllers, etc....why not attach the policy  XML file to the KB  article, so we can just use the proper ones (here ot the policy for Exchange 2003/2007/2010, here is the policy for Domain controllers, etc...

        • 1. Re: Access protection: Which exceptions can we delete?
          wwarren

          Agreed; if you know an exclusion isn't needed for your environment you are welcome to remove it.

           

          Note though, once you veer off from the default rule set, each rule you modify becomes "Your" rule and McAfee has limited ability to change it.

          i.e. Your changes get written to the registry which overlay and take precendent to our default rule content file (vscan.bof). So if we update the content file, your changes still overrule ours.

           

          Also note, you may think that reducing the rule content by removing unnecessary process names etc is shrinking the overall memory footprint needed to track the rules - but it is not.

           

           

          I  like the idea for attaching policy XMLs to the KB. You should submit this to our PER database.