2 Replies Latest reply on Apr 19, 2016 11:43 AM by rmetzger

    Is there a especific Scan dor PenDrive on VirusScan?


      Good Morning,


      I have a doubt about VirusScan.  I want to create one Scan for PenDrive.  How can I create that exclusion?




      Leonardo Souza

        • 1. Re: Is there a especific Scan dor PenDrive on VirusScan?

          Good morning Leonardo.


          I'm not too sure what you are asking.

          Files will be scanned when you access them.

          To ensure all mounted drives are scanned, setup a scheduled scanned for all drives.

          If you are looking to scan a usb drive when attached to a system, that is not possible. Alternatives are to use an alternate tool to start the virusscan on demand tool for that drive.

          To create exclusions for a specific type of drive, that is not possible. Exclusions can be created by drive letters.



          • 2. Re: Is there a especific Scan dor PenDrive on VirusScan?

            Hi lsouzasclara,


            Just for clarification, are you referring to VirusScan Enterprise (VSE)?


            If so, then in my humble opinion, a specific scan for PenDrive (USB, Flash, or External drives) is simply redundant and not needed with VSE.


            If you would like to scan (with VSE) any drive all one needs to do is to:

                   In Explorer, right-click on the drive you wish to scan and select Scan.


            But this may not be needed as long as VSE has been configured to scan all files upon Read and Write. As long as this is done, scanning the entire external drive is simply redundant without value. The On-Access Scanner can handle this nicely without the performance penalty of scanning the entire drive. Scanning the entire external drive before allowing access is simply a placebo scan, used to placate the uninformed or the paranoid. If you find it necessary, those workstations can have the heuristics scan set to High, though expect false positives at this level.


            Files neither read nor written to any (external) drive pose no risk, as the files might as well not exist. With that in mind:


            Make sure that from the VSE Control Panel:

            On-Access Scan Properties>All Processes>Scan Items>Scan Files

                 Check "When reading from disk"

                 Check "When writing to disk"


            Make the equivalent settings change from ePO if available.


            This will ensure that any file on the USB drive is scanned prior to execution (autorun or otherwise).

            This will also ensure that files written to the USB drive are scanned during the write process.


            These settings should be in place regardless of external drives as this is an Absolute Requirement for stopping many forms of malware, for internal drives too.


            These 2 settings should protect against spreading malware, when keeping the signature files completely up to date.


            One of the strengths of VSE is it's ability to handle threats without the need for separate scan jobs (for external drives), as may be needed with other competing products.


            I replied at length to a similar question here that may be relevant:



            As for Exclusions, I will quote William Warren who states this better than I:


            [quote wwarren https://community.mcafee.com/message/406431#406431]

            You would want to adhere to the guideline, "Exclude nothing, unless you have to".


            If considering the exclusion, the pertinent data point to share is "Why?" because the theoretical answer is "No, it's not safe to have any exclusion, not even one". But, the reality is, you're juggling risk, how much risk you're prepared to accept vs. "whatever your reason is to consider the exclusion".

            Perhaps there is an alternate than to just exclude the whole folder's contents; a way to minimize risk and satisfy your need for the exclusion.



            A strategy for configuring for High Risk/Low Risk processes should be considered to minimize threat exposure while leaving security enabled, minimizing the impact and reason for the exclusion.


            I might suggest a thorough review of VSE 8.8 Best Practices Guide:

            https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22940/en_US/vse_880_best_practices_guide.pdf


            Hopefully this is helpful. Thanks for your time.

            Ron Metzger