1 Reply Latest reply on Oct 17, 2013 5:02 PM by ssumichrast

    VirusScan Processes Policies

    gdavid

      Looking at setting up different scanning policies for high-risk, low-risk, and default processes.

       

      For Low, Default, High Risk processes it seems each one has a exclusion category.

       

      Can I assume then that for each category (low, default, high). the scan items / exclusions / actions only apply for the processes listed in it?

        • 1. Re: VirusScan Processes Policies
          ssumichrast

          Yes, you have to enable the option in the "default processes" policy to use three different settings (forget the exact wording right now).  Once you have that you turned on, you then specify processes to include in the high category (set in high risk policy) and low risk (specify in low risk category). If memory serves, AV will check the high risk, low risk and then default policy.  First match wins. So if you have notepad.exe in high and low, the settings in high will win.

           

          Im in this mess right now.  Knowing what I know now, I would always recommend to enable the high and low risk options in the "default processes" policy.  Then you are ready to classify high and low risk processes instantly.