1 2 Previous Next 18 Replies Latest reply on Nov 10, 2010 5:08 AM by JoeBidgood

    Exclusions for servers question

      Hi All,

      I am installing and configuring Epo 4.0 and I have read the documents on exclusions for Exchange and such.

      My big question is, since our db files are on a drive other then C: how would I go about creating exclusions for other drive letters?

      For example I have the following:

      \Indexes
      \inetpub\mailroot
      %windir%\systems32\ntds

      etc....

      Do I have to include the drive letter? Or will it be smart enough to know that any folder called "Indexes" will be excluded?

      I am creating one exclusion list for all servers (basic exchange and sql servers)

      Any help is appreciated!!!
        • 1. RE: Exclusions for servers question
          metalhead
          If these are all root folders this will do it:

          ?:\Indexes
          ?:\inetpub\mailroot
          ?:\%windir%\systems32\ntds

          otherwise you can also do a general exlusion for all "paths" including these folders with:

          **\Indexes
          **\inetpub\mailroot
          **\%windir%\systems32\ntds

          Double stars mean "all characters including backslashes".
          • 2. RE: Exclusions for servers question
            Thanks Metalhead!
            • 3. RE: Exclusions for servers question
              Hi Guys

              sorry for digging up this old thread but it is revelant to what i am doing now

              I am creating exclusions for a new bunch of servers going in doing various roles. As the detailed design is not finalised, the exclusions i add cannot have drive letters assigned, so this thread became interesting. I am though not sure that the exclusions below will work

              i believe :

              ?:\Indexes
              ?:\inetpub\mailroot
              **\Indexes
              **\inetpub\mailroot

              will work, but i am not sure that the suggestion for the ones below will work (%windir% does not work on all systenms any, its best to use %systemroot%, but that is not the point i am making): -

              ?:\%windir%\systems32\ntds
              **\%windir%\systems32\ntds



              My concern is that by using environmental variables will end up already including a drive letter , so the above would be interpriped by Mcafee AV as : -

              ?:\c:\Windows\systems32\ntds
              **\c:\Windows\\systems32\ntds

              Which will not have the desired affect.

              This is an issue for me when adding Exchange exclusions which use the %ProgramFiles% variable, which again will include a drive letter.

              So if for example i am wanting to add the exclusion for Address book related extensions but i didnt know where Program Files was going to be using

              %ProgramFiles%\Microsoft\Exchange Server\**\*.lzx

              would NOT be sufficient, if the variable was not setup correctly to the correct drive an just defaulted to c:\Program Files

              I believe i would have to use either : -

              **\Microsoft\Exchange Server\**\*.lzx

              or

              **\Program Files\Exchange Server\*\*.lzx

              or

              ??:\Program Files\Exchange Server\*\*.lzx


              Let me know your thoughts

              regards

              J
              • 5. RE: Exclusions for servers question
                Thanks. I had seen the first one but not the second. Interesting. Though im still curious about my initial questions RE: System drive letter substitution will NOT work using variables as they will already include a drive letter

                J


                • 6. RE: Exclusions for servers question
                  HI,

                  I tested using %windir% on my system here, this worked ok for me, but I think your idea makes sense,

                  **\Program Files\Exchange Server\*\*.lzx would seem to be the most bullet proof option.

                  What did you find when testing this stuff?
                  • 7. RE: Exclusions for servers question
                    dustrho
                    No matter how many times I read about the McAfee wildcards that can be used, I'm still a bit confused as to which one to use. I'm most confused about about using the right wildcard for when an application is installed either on C:\ or on D:\. For example, we have a specific application installed randomly on various drives (don't ask me why it's that way, but it's legacy crap) as such...

                    C:\Program Files\AppName\
                    D:\Program Files\AppName\

                    I need to know if I should be using a single asterisk (*), double asterisk (**) or a question mark (?) in the spot for the drive letter. I've inherited a lot of these rules in ePO from my predecessor, and I need to make sure the right wildcard is being used. All three of those options are used, and I know that only one should be used. I'm guessing that the following should be used, right?

                    **\Program Files\AppName\
                    • 8. RE: Exclusions for servers question
                      Yes

                      or

                      ?:\Program Files\AppName\

                      should also work

                      J
                      • 9. Re: RE: Exclusions for servers question

                        **\Program Files\AppName\

                         

                        Should allow you to exclude the "AppName" directory, and all sub-directories depending how choose to setup in EPO.

                         

                        In EPO there is an addtional option to select all subdirectories, and I believe you "must" select exclude all sub-directories for the On-Access Scanner (OAS) exclusions. I haven't seen this addressed in the McAfee EPO tutorials yet.

                        1 2 Previous Next