Regarding exclusion nomenclature, the *32 has nothing to do with the name of the process itself. If you look on disk, you will not find any processes with *32 in the name. The *32 is a visual identifier in Windows Task Manager to identify 32-bit processes running on 64-bit Windows. You do NOT include the *32 when building exclusions.
There is not a mechanism in ePO to stop scans that have been started via ePO. If this is desired functionality, please contact your account manager to file a product enhancement request.
Thank you very much, that is two out of three questions down.
I have read the best practice guide; we implemented most of what it suggested and tweaked things from there. Unfortunately, it did not answer any of my questions that I had posed today. For the last remaining unanswered question, it only explains what high-risk and low-risk processes are, but does not explain what the exclusion field is in said high-risk/low-risk policy, nor how it differs from exclusions in the normal on-access default process policy.
As mentioned, review KB66909. There are a variety of articles provided regarding high/low risk processes.
Per KB69805, if you add an exclusion to either the High-Risk or Low-Risk profile, it will be excluded from scanning only if it is being accessed by one of the processes/applications included in the list of processes defined in the corresponding profile. Therefore, the exclusion would not apply to processes and/or applications that would be scanned using the default profile.
Ahhh ok. I did not see the KB link. I understand it now. That is a rather interesting function, one that requires some thought.
Thank you. I'll mark your posts as correct answers, appreciate the quick responses!