This content has been marked as final. Show 3 replies
Technically it works like this:
1) a file is accessed by a process
2) Virusscan intercepts this access and checks the process name of the process which wants to access the file
3) if the process is listed in the high- or low-risk policy it uses the coressponding exclusion and scan settings configured in these policies
4) if it does not find the process name (filename) in either the low- or high risk-list it uses the default policy settings
Generally I would recommend creating a special policy for e.g. you exchange servers only only set the required exclusions for these systems via assigning the special policy.
So you are recommending that I don't worry about Low-Risk/High-Risk policies? Just setup my exclusions and go with that?
Exlusions configured with low-/high risk processes are always better as exclusion in the default policy as the apply to all of the processes not specified in the low/high risk policy. If you can determine the process it is better to use low/high risk exlusion with the corresponding process, but in case of exchange exlusions I would go with the McAfee knowledgebase article and configure general exlusions.