1 Reply Latest reply on Aug 31, 2016 2:22 PM by joshua.dixon

    VSE exceptions

    aneta5

      Hi

      I am getting flustered with VSE exceptions and really hoping for some help. For example, according to MS when running IIS I should have the following excluded:

      Process Exclusions

      • %systemroot%\system32\inetsrv\w3wp.exe
      • %systemroot%\SysWOW64\inetsrv\w3wp.exe

      Should I put them in low risk or default on scan exclusions? Do I need to specify the path?

       

      Is there a McAfee document that would have all exclusions gathered according to its liking, high, low risk, default? Microsoft sent me to McAfee, McAfee sends me to Microsoft….

      BTW my low risk excludes read and write scan.

       

      Thank you

        • 1. Re: VSE exceptions
          joshua.dixon

          Hello Aneta,

           

               I want to simplify the On-Access Scanner categories for you.  For this explanation, please think about Low, High, And Default as Categories 1(Low), 2(High), and Catch-All(Default).  The Process list is what determines what category VSE will apply.  In your problem, you will want to put w3wp.exe in Category 1 (Low).  Now, ANYTHING that process does, VSE will scan it in accordance to how Category 1 is configured.  So, if you turn off every option under "Scan Items", you essentially just whitelisted w3wp.exe.  If your security model accepts this approach, then no exclusions are needed.  Should you need to enable scanning options under "Scan Items", then you will want to add the exclusions to that categories Exclusions section.

           

          Recommended reading:

          Consolidated list of VirusScan Enterprise exclusion articles

          Technical Articles ID:  KB66909

          https://kc.mcafee.com/corporate/index?page=content&id=KB66909

           

          How to manage file and folder exclusions in VirusScan Enterprise 8.x using wildcards

          Technical Articles ID:  KB50998

          https://kc.mcafee.com/corporate/index?page=content&id=KB50998

           

          Understanding High-Risk, Low-Risk, and Default processes configuration and usage

          Technical Articles ID:  KB55139

          https://kc.mcafee.com/corporate/index?page=content&id=KB55139

           

          Thanks

           

          Josh