1 Reply Latest reply on Oct 26, 2016 7:44 AM by joshrountree

    On-Access Default Processes Policy import from McAfee

    joshrountree

      I remember seeing a download/install a couple of years ago that had default policies pre-built for domain controllers, SQL servers, exchange etc.

       

      It seems very easy for McAfee to provide an xml file for On-Access Default Processes Policy that all users of EPO and VSE on servers could import. It sure would save some time and make sure we get the exclusions correct. Any help McAfee?

        • 1. Re: On-Access Default Processes Policy import from McAfee
          joshrountree

          Maybe this will get the ball rolling. Like I said, this is something I think would be pretty easy for McAfee to put as a downloaded file, but oh well.

           

          Here's a list of exclusions that could be imported/exported. They aren't perfect, especially if you have your domain controller data files installed to non-standard directories, but I thought it'd at least let us start the conversation. I excluded the entire Microsoft SQL directory, probably not the ideal exclusion either.

           

          Here are my exclusions for an Active Directory domain controller and SQL:

           

          <Section name="Server_Default-Exclusions">

          <Setting name="ExcludedItem_0" value="3|3|C:\Windows\ntds\Ntds.dit"/>

          <Setting name="ExcludedItem_1" value="3|3|C:\Windows\ntds\Ntds.pat"/>

          <Setting name="ExcludedItem_10" value="3|3|C:\Windows\ntfrs\jet\log\edbres00001.jrs"/>

          <Setting name="ExcludedItem_11" value="3|3|C:\Windows\ntfrs\jet\log\edbres00002.jrs"/>

          <Setting name="ExcludedItem_12" value="3|7|C:\Windows\SYSVOL\staging areas\"/>

          <Setting name="ExcludedItem_13" value="3|7|C:\Windows\SYSVOL\"/>

          <Setting name="ExcludedItem_14" value="3|7|C:\Windows\System32\dhcp\"/>

          <Setting name="ExcludedItem_15" value="3|7|**\Program Files\Microsoft SQL Server\"/>

          <Setting name="ExcludedItem_2" value="3|3|C:\Windows\ntds\EDB*.log"/>

          <Setting name="ExcludedItem_3" value="3|3|C:\Windows\ntds\Res1.log"/>

          <Setting name="ExcludedItem_4" value="3|3|C:\Windows\ntds\Res2.log"/>

          <Setting name="ExcludedItem_5" value="3|3|C:\Windows\ntds\Temp.edb"/>

          <Setting name="ExcludedItem_6" value="3|3|C:\Windows\ntds\Edb.chk"/>

          <Setting name="ExcludedItem_7" value="3|3|C:\Windows\ntfrs\jet\sys\edb.chk"/>

          <Setting name="ExcludedItem_8" value="3|3|C:\Windows\ntfrs\jet\ntfrs.jdb"/>

          <Setting name="ExcludedItem_9" value="3|3|C:\Windows\ntfrs\jet\log\*.log"/>

          <Setting name="bAppendExclusions" value="0"/>

          <Setting name="dwExclusionCount" value="16"/>

          </Section>