4 Replies Latest reply on Sep 25, 2013 5:05 AM by midnightdevil

    Exclusions with system:remote

    midnightdevil

      Hello dear friends,

       

      I have a question regarding exclusions.

       

      I have a server running VSE 8.8 Patch 2 controlled by ePO 4.6.6. We have the recommended exclusions by McAfee for Win7 and Servers.

      My question is about a File Server running Windows 2008 R2, in which when users access a share, the transfer is incredibly slow to the point where it almost halts bringing the system do it's knees.

       

      I had a look at the OnAccessScan.log to identify which processes are involved that can cause this, but in this case, I can't identify a source process.

      Example:

       

      30-08-2013          13:38:20          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File1.zip          none (Virus)

      30-08-2013          13:39:07          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File2.zip          none (Virus)

      30-08-2013          16:15:03          Not scanned  (scan timed out)           NT AUTHORITY\SYSTEM          System:Remote          D:\Directory\File1.exe none (Virus) (this EXE is a compressed file which auto decompresses upon clicking).

       

      Now, since I have in the source process "System:Remote", how do I add the exclusion for this ? Or should I add the directories in matter as a low risk exclusion?

       

      Can anyone shed a light here?

       

      Thank you so much in advance.

       

      McAfee ePolicy Orchestrator Admin.