2 Replies Latest reply on Feb 16, 2015 3:48 PM by wwarren

    Low Risk Processes - McAfee Agent .exes

    shocko

      Should the frameworkservice etc. be added to low risk processes does that even make sense? See: http://www.vmware.com/files/pdf/techpaper/vmw-mcafee-security-protection-best-pr actices.pdf

        • 1. Re: Low Risk Processes - McAfee Agent .exes
          Richard Carpenter

          Hi shocko

           

          Check out the VSE 8.8 Best Practices Guide here and take a look at page 21 (Defining the default high and low processes during scans)

           

          Regards

          Rich

          Volunteer Moderator

          Certified McAfee Product Specialist - ePO

          • 2. Re: Low Risk Processes - McAfee Agent .exes
            wwarren

            Short answer is "No" but the reality is, if you were to do something like that you'd probably see some level of performance gain.

             

            The answer is "No" because McAfee products are able to invoke code that notifies our scanner "Hey, I'm McAfee code, and I'm about to invoke some file transactions that you don't need to scan".

            However, as you may imagine, this is not a default mindset of security-minded individuals, to simply tell the scanner "Don't scan what I'm doing". So, while that capability exists it is not always used.

            Perhaps as McAfee code becomes more secure over time, as in our processes for all our products become more secure against intrusion from 3rd parties, we'll be able to more safely adopt practices of avoiding scans for work done by McAfee processes. Until then, it'll be up to you/customers to determine if a little performance gain is worth the potential risk of exclusions or placing processes in low risk profile. (As of this posting, I've not seen any ill come of such configurations, but that can change any day).