3 Replies Latest reply on Nov 6, 2014 5:57 PM by wwarren

    VSE best practices

    lucavidali

      Hi All,

      Are you using the default process or the High and Low risk?

      Are you scanning "all files" with exclusions for harmless files (.log, .txt...) or the "Default + additional"?

      I found the vse_880_best_practices_guide.pdf, but I want to know the community opinion because it's based on reality.

      Is there, somewhere, a precompiled XML of the full VSE policies (all categories) based on best practice that covers all the major software (SQL, AD, Oracle, etc.)?

       

       

      Many thanks

      Luca Vidali

        • 1. Re: VSE best practices
          Laszlo G

          Hi lucavidali,

           

          People usually have only the default processes policy configured as it's easier to manage, but there are some exceptions like Exchange exclusions and others (as per McAfee).

           

          You don't need, by default, to scan additional files unless you want to tighten security on a computer/server.

           

          Anyway, if you haven't checked it yet, you can have a look at this KB for SQL, Exchange, etc... exclusions:

           

          McAfee KnowledgeBase - Consolidated list of VirusScan Enterprise exclusion articles

          • 2. Re: VSE best practices
            lucavidali

            Hi Laszlo,

            thanks for your reply!

             

            I have read the consolidated exclusion article many times, but sometimes it isn't up to date with the latest software version or, often, doesn't include the product (and the vendor doesn't specify the exclusions either, for example VMware for vCenter).

             

            For example, another problem is related to Java exclusions, and so on and so forth.

             

            What I mean is: does anybody know if there is a consolidated XML policy file that contains all the exclusions for the known performance issues?

            If not, it is probably (IMHO) a good idea to maintain (at the community level) an XML policy file based on user experience that everyone can update. This is because the mainly used software is the same in all companies (Office suite, Java, VMware, SQL, AD, etc.).

             

            Regards

            Luca

            • 3. Re: VSE best practices
              wwarren

              If not, it is probably (IMHO) a good idea to maintain (at the community level) an XML policy file based on user experience that everyone can update.

              If I was a malware writer, I would look forward to these types of documents being made available.

              They would tell me _exactly_ where I can safely place my malware and avoid being detected. And if more people can adopt those practices, I will have success attacking more environments.

               

               

              What you _should_ do, as a general rule-of-thumb, is exclude NOTHING unless you have to.

              And, when you have to, open the hole in your scanning configuration to be as small as possible. That is where VirusScan's High/Low/Default scanning profiles come in handy, so you're not just excluding a file/folder for ALL processes but only for specific processes - that way, if any other process touches your file/folder, it results in a scan, but for the process(es) you designate as low risk, the exclusion takes place.
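
The difference between excluding a folder for all processes and excluding it only for a designated low-risk process, as a simplified model added here (not part of the original thread, and not VirusScan's policy format or engine). The profile names, folder, process names and access events are constructed, and matching a process by image name alone is an assumption of the model.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

@dataclass
class Profile:
    """One scanning profile: the processes assigned to it and its excluded folders."""
    processes: set = field(default_factory=set)        # image names, lower case
    excluded_dirs: list = field(default_factory=list)

def under(path, directory):
    """True if path is directory or lies below it (Windows, case-insensitive)."""
    p, d = PureWindowsPath(path), PureWindowsPath(directory)
    return p == d or d in p.parents

def is_scanned(policy, process, path):
    """Select the profile by process name, else 'default'; then apply its exclusions."""
    profile = policy["default"]
    for name, candidate in policy.items():
        if name != "default" and process.lower() in candidate.processes:
            profile = candidate
    return not any(under(path, d) for d in profile.excluded_dirs)

def unscanned(policy, events):
    """Return the (process, path) accesses that no scan would cover."""
    return [e for e in events if not is_scanned(policy, *e)]

# Constructed sample data: a database folder that needs an exclusion.
DATA_DIR = r"D:\SQLData"
EVENTS = [
    ("sqlservr.exe", r"D:\SQLData\app.mdf"),       # the workload the exclusion is for
    ("other.exe",    r"d:\sqldata\new_file.exe"),  # any other process, same folder
    ("sqlservr.exe", r"C:\Temp\file.dll"),         # same process, outside the folder
]

# Exclusion applied to ALL processes (default profile).
BROAD = {"default": Profile(excluded_dirs=[DATA_DIR])}
# Exclusion applied only to the process designated low risk.
SCOPED = {
    "default": Profile(),
    "low_risk": Profile(processes={"sqlservr.exe"}, excluded_dirs=[DATA_DIR]),
}

if __name__ == "__main__":
    for label, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, "->", unscanned(policy, EVENTS))
```

With the broad policy, the second access goes unscanned as well; with the scoped policy, only the designated process's own access to the folder does.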