I am trying to understand how the "path exclusions" and "process exclusions" in McAfee Move AV [Multi-Platform] work! Is this where I include the vendor recommended AV exclusions?
I know 2 ways:
1: Exclude files on the offload scanner like normal excludes (OAS - Low/High and Default excludes) --> Exclude there if necessary
2: Exclude files from being sent to the offload scanner. --> in MOVE AV [Multi-Platform] Client 2.6.0:MOVE AV [Multi-Platform] > General > Policy = in "scan items" (Don't exclude there)
Create a scheduled task for an on-demand scan overnight, after the DAT update is released, on the "offload scanner server system". So in the scan cache the system files are already cached. It makes it much quicker through the day.
What else is not clear?
Hope it helps
Message edited by mbauman8 on 20.02.13 13:06:38 CST
I really appreciate the time you took to respond to my questions. I must admit, I am entirely sure that I fully grasp your recommendations, for example, in 1: "Exclude files on offload scanner like normal exclude". Normal to me means modify the exclusions in the assigned policy groups under "on-access default processes policies". Is this what you are referencing? I was under the impression MOVE exclusions were solely confined to the MOVE AV [Multi-Platform] > General > Scan Items > Path Exclusions & Process Exclusions. You are recommending that we don't use this path, which is different from what I was previously told.
You asked if "..Is this where I include the vendor recommended AV exclusions?". The short answer is yes, this is where you would apply your AV exclusions.
I've also supplied the following which should assist you in creating the exclusions for the version of MOVE AV 2.6 that you are using.
McAfee MOVE AV 2.6 Multiplatform Patch 1 does not currently support the use of wildcards. Please use the following syntax examples to correctly create the exclusions that are needed for your configuration.
McAfee MOVE Antivirus – Path and Process exclusion examples.
McAfee MOVE 2.5 & 2.6 Agentless does not support the use of wildcards or environment variables. No wildcarding syntax is allowed.
The exclusion list is a pattern match, so "\test.docx" excludes any path that includes that string and "\Temp\" excludes any path that includes that string.
NOTE: All sub-folders are also excluded.
Here are some examples:
*NOT* Support syntax
Please note: MOVE AV 2.6 Multiplatform Patch 2 will add full VirusScan Enterprise style wildcard exclusion support. This new feature also includes the ability to export the VirusScan Enterprise exclusion policy and import them directly into the MOVE AV 2.6 Multiplatform policy from the ePO Server.
The Patch 2 update also adds support for ePO 5.0 and the McAfee Agent 4.8.
The MOVE AV 2.6 Multiplatform Patch 2 is expected to be released in Q1-2013 (March).
One final thing... is the "\" at the end of the path significant?
I guess it is like on VSE:
c:\srv\test will exclude file test
c:\srv\test\ will exclude folder test
without '\' MOVE translates it as ---> file NOT folder
on 05.03.13 12:15:20 CST
Your answer is exactly what my colleague assumed. "\" to denote directories. I was a little indifferent and was hoping that either option worked. The MOVE documentation is not very clear on several points. Thanks again.
The ending "\" only adds additional pattern to be matched. For MOVE AV 2.6 Multiplatform Patch 1 it doesn't really matter.
The MOVE AV 2.6 Multiplatform Patch 1 does not know whether the pattern is a folder or a file; it is only a pattern to be matched.
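The substring matching described in the replies above can be modelled to check how much an exclusion list really covers before it is deployed. This is an added example, not part of the thread and not McAfee code; the function names, the sample paths and the case-insensitive comparison are assumptions.

```python
# Added example: a model of the "exclusion is a pattern match" behaviour
# described in this thread. Not McAfee code; all names and paths are constructed.

# Wildcards and %VAR% environment variables, which the thread says are not supported.
UNSUPPORTED = ("*", "?", "%")


def is_excluded(path, exclusions):
    """Return the first exclusion pattern contained in path, else None.

    Assumption: comparison is case-insensitive, as Windows paths are.
    """
    lowered = path.lower()
    for pattern in exclusions:
        if pattern.lower() in lowered:
            return pattern
    return None


def lint_exclusions(exclusions):
    """Return {pattern: reason} for entries that use unsupported syntax."""
    problems = {}
    for pattern in exclusions:
        bad = [c for c in UNSUPPORTED if c in pattern]
        if bad:
            problems[pattern] = "unsupported character(s): " + " ".join(bad)
    return problems


def audit(exclusions, paths):
    """Map each path to the pattern that excludes it (None = still scanned)."""
    return {p: is_excluded(p, exclusions) for p in paths}


# Constructed sample data.
EXCLUSIONS = ["\\Temp\\", "c:\\srv\\test", "c:\\logs\\*.log"]
PATHS = [
    "C:\\Windows\\Temp\\setup.exe",                  # excluded by \Temp\
    "D:\\Users\\bob\\AppData\\Local\\Temp\\x\\unknown.dll",  # also excluded by \Temp\
    "C:\\Template\\a.doc",                           # not excluded: trailing "\" must match
    "c:\\srv\\test\\app.exe",                        # excluded by c:\srv\test
    "c:\\srv\\test_backup\\old.exe",                 # also excluded: no trailing "\"
    "c:\\logs\\app.log",                             # not excluded: "*" is literal here
]

if __name__ == "__main__":
    for pattern, reason in lint_exclusions(EXCLUSIONS).items():
        print(f"LINT  {pattern!r}: {reason}")
    for path, hit in audit(EXCLUSIONS, PATHS).items():
        print(f"{'EXCLUDED' if hit else 'scanned ':8}  {path}  <- {hit}")
```

Running the audit against a file listing taken from a real guest shows every location that a short pattern such as "\Temp\" leaves unscanned, which is the review to do before copying a vendor exclusion list into the policy.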
Is there a list of Process exclusions and Path Exclusions? I cannot find anything with specific exclusions to look for.