3 Replies Latest reply on Dec 3, 2013 10:00 AM by petersimmons

    Can you exclude an entire drive from being scanned by OAS?

    kjhurni

      Is it possible to exclude an entire drive letter (i.e., E:\) from being scanned by the OAS in VSE 8.8.x?

       

      We currently have the "low" and "high" scan settings, so I can't remember whether the General settings kick in or combine with what you specify in low/high risk processes. But the General Setting is the only spot where I can see "Exclusions" to define a drive letter (the rest is by process, of course).

        • 1. Re: Can you exclude an entire drive from being scanned by OAS?
          petersimmons

          Either VSE uses the On Access General Settings -or- it uses High/Low Risk AND General. Everything is always affected by General unless it is a named process listed in the low or high risk groups.

           

          Now that's out of the way, why on Earth would you do something crazy enough to exclude an entire drive? From a security perspective that's a horrible idea.

          • 2. Re: Can you exclude an entire drive from being scanned by OAS?
            kjhurni

            Hi Peter,

             

            So from a TECHNICAL perspective, I'd just put in say:

            E:\*

             

            as an exclusion?

             

            Now, as to why?

            I'm only being asked this by one of our Windows Admins if it's doable.  I agree, bad policy, but perhaps they want to use a dedicated swap drive, or it's holding an MS SQL database or something.

             

            I mean, if you look at the VSE and MS KB articles, you'll see that there's a LOT of exclusions that are "bad security" policy, but are necessary for things like SQL, Exchange, etc. to function properly.

            • 3. Re: Can you exclude an entire drive from being scanned by OAS?
              petersimmons

              No, technically those "bad security" policies aren't required. They are suggested by Microsoft, who writes exclusions for legions of AV products. But if you use our Profiler tool you will see that we don't scan the contents of those swap drives for standard things like SQL and Exchange. Writing those exclusions is 100% pure unadulterated placebo. Go use the Profiler tool and prove it to yourself.

               

              And the exclusion would be e:\. No extra stars are necessary. If you mean a directory then the last character is always the trailing slash.