3 Replies Latest reply on Jan 4, 2013 7:15 AM by Peter M

    Which Products Allow Me To Exclude Files During Scans?

      You might have noticed my post in the "home and business section"; I had a question about whether or not my home McAfee product could exclude files. I did have a further question about your business anti-malware products, though. At my job we are implementing FireAMP on some of our mission-critical workstations (which run Symantec SEP) and I am looking at putting it on a few critical servers (after extensive testing on non-critical ones first), but we run McAfee on our servers (for some ungodly reason). But one of the things I have been doing on the workstations is having Symantec ignore the FireAMP directory and vice versa. Otherwise SEP and FireAMP go into each other's quarantine areas and pull the viruses. It's funny on my test systems but not on actual workstations and servers. So tell me, which of your business products (I will have the exact product and version # on Monday) allow me to exclude programs and files from their scans? If your business products don't, have you at least tested them with FireAMP or other advanced anti-malware systems?

        • 1. Re: Which Products Allow Me To Exclude Files During Scans?
          rmetzger

          Hi theory5,

          Welcome to the forums.

          VirusScan Enterprise v8.x (VSE) has many, many ways of excluding files, directories, and processes, with a great deal of configurability and performance tuning. Hopefully your servers are running VSE v8.8.

          FireAMP is designed to augment other Enterprise-class anti-malware processes, like VSE.

          The rule of thumb for exclusions is to Never add exclusions unless Absolutely necessary. Hopefully you will not need to add any exclusions (as this has been my experience). If needed, you may be able to configure FireAMP as a Low-Risk process within VSE. However, I would talk to your McAfee representatives to better define what VSE changes are needed to co-exist with FireAMP, as each site and your needs will probably need tuning beyond what a forums reply can achieve. I wouldn't presume to know enough about your environment to properly advise on your security needs.

          Also, the Home (retail) VirusScan and VSE are two totally different products with different code bases. Please realize that the Retail version of VirusScan will not run on Windows Servers. The retail version of VirusScan is designed to limit the number of configurations but allow different versions from ISPs and the like, which minimizes technical support issues and variability.

          The Enterprise version of VirusScan is designed to give highly configurable processes designed for business use and is designed for security professionals (not just home users with some anti-malware experience). I would argue that SEP is based on the retail code base with additional stuff added for 'enterprise' classification. This may be the 'ungodly reason' for McAfee VSE (Enterprise) on your servers. 'ePO' is another component to consider within your environment.

          Hopefully this is helpful.

          Ron Metzger

          • 2. Re: Which Products Allow Me To Exclude Files During Scans?

            I think if you want to exclude FireAMP from VSE you can do this:

            Open the VirusScan Console.

            Select On-Access Scanner Properties from the Task menu.

            Select All Processes from the left pane.

            Select the Exclusions tab.

            Click the Exclusions button.

            On the Set Exclusions dialog click the Add button.

            Click the Browse button and select your FireAMP Connector install directory and check the Also exclude subfolders box.

            Click OK.

            Click OK on the Set Exclusions dialog.

            Click OK on the On-Access Scanner Properties dialog.

            • 3. Re: Which Products Allow Me To Exclude Files During Scans?
              Peter M

              I updated my answer to your consumer products post as I realised that at least one of the programs you mentioned isn't an antivirus (Malwarebytes AntiMalware) and I don't think Symantec/Norton consumer products allow real-time exemptions either.

              I did, however, post the easy method one can follow to get an exemption from the labs. Unless a person is in the habit of downloading risky files, then the problem should be a rare occurrence anyway.