8 Replies Latest reply on Sep 12, 2012 2:32 AM by rat2208

    Automate Exclusion List in McAfee 8.8 VSE

      Hi. I have been through various discussions and found out that one way to create an exclusion list in McAfee VSE8.x is through VirusScan console. But I need to  create exclusion list for thousands of machines and  it is not possible to do this manually. Can someone please suggest a way to create exclusion list via batch file?

        • 1. Re: Automate Exclusion List in McAfee 8.8 VSE
          Hemant Koli

          Hello rat2208.

           

          How you are managing thousands of machines??....You must be having McAfee ePO to manage machines.

          If your are using ePO then you can create exclusion list centrally from ePO for all systems.

          • 2. Re: Automate Exclusion List in McAfee 8.8 VSE

            We are not managing these machines. We have to provide McAfeeVSE8.8 as part of our end user installation. Hence I need a script which I can include along with McAfee software that will be exceuted once the installation is over and will create the required exclusion list.

            • 3. Re: Automate Exclusion List in McAfee 8.8 VSE
              Tristan

              The issue is moot really.

               

              If the company your setting the machines up for is running ePO (They should be if they're running that many clients). Then as soon as the machines are managed by ePO the exclusions will be over written with the default exclusion policy in ePO and all your work will be wasted.

               

              - If their exclusion policy is blank your work is in vain as it will get over written.

              - If their exclusion policy is populated your work is duplicated.

              • 4. Re: Automate Exclusion List in McAfee 8.8 VSE
                greatscott

                Sounds like you need ePO.

                • 5. Re: Automate Exclusion List in McAfee 8.8 VSE
                  rmetzger

                  rat2208 wrote:

                   

                  We are not managing these machines. We have to provide McAfeeVSE8.8 as part of our end user installation. Hence I need a script which I can include along with McAfee software that will be exceuted once the installation is over and will create the required exclusion list.

                  Since you 'are not managing these machines' I would suggest McAfee Installation Designer as the only other way to distribute changes to 'thousands of machines.' Besides ePO, this is the only other method supported.

                   

                  I would strongly recommend using MID instead of modifying the registry through some batch method. If your batch methodology has some unforeseen flaw, you may be creating havoc to 'thousands of machines' with no one to blame but your own methodology -- support is yours exclusively.

                   

                  Once a solid, well tested, configuration is constructed, MID is able to define vsecfg.cab file which can be distributed to end points. However, you will need to figure out how to shut down VSE's self-protection policies prior to copying vsecfg.cab to the machine.

                   

                  Whether ePO or MID, you have some research to do.

                   

                  Hopefully this helps,

                  Ron Metzger

                   

                  Message was edited by: rmetzger (modified file name of resulting MID file) on 8/30/12 12:14:27 PM EDT
                  • 6. Re: Automate Exclusion List in McAfee 8.8 VSE

                    Many Thanks for your reply. As I have mentioned earlier, we do not have ePO in our environment and the exclusion has to be done as part of McAFee Installation. I will look for MID for McAfee 8.8.

                    • 7. Re: Automate Exclusion List in McAfee 8.8 VSE

                      I am using Mcafee Installation Designer to configure McAFee VSE8.8 installation. I need to include environment variables in the items to be excluded from On-Access Scan. For eg:- I need to exclude ' %PROGRAMFILES%\Abc'  folder from On-Access scan. When I add this as an item to be excluded :'%PROGRAMFILES%\Abc'  , the path does not get resolved and I see the same value %PROGRAMFILES%\Abc'  in On-Access scan console.

                      Please let me know if there is way to add environment variables in the items to be excluded using MID.

                      • 8. Re: Automate Exclusion List in McAfee 8.8 VSE

                        Also, MID has options to configure On-Access Scan Exclusions and properties but no option to configure On-demand scan exclusions. Can someone please suggest how to configure On-demand exclusion list? or merely adding items to on-access scan exclusion list is enough?