Knowledge Center

In VirusScan Enterprise, an excluded file or a file residing in an excluded folder will not be scanned.

To determine whether a file is excluded, the MCSHIELD.EXE process receives information about the file from the McAfee AV filter driver.


Presence of an excluded file name (in this example nHTTP.exe) in the log file does not necessarily indicate that a scan occurred, or that the point product attempted to scan the file.

10/23/2010  17:22:01 PM  Not scanned  (scan timed out)       NT AUTHORITY\SYSTEM    G:\Lotus\Domino\nHTTP.EXE     F:\Lotus\Domino\Data\keyfile2010.sth

NOTE:

• ALL exclusions are processed by McShield.exe.  McShield does all the scanning but it also does all the exclusions.
• McShield has a timeout mechanism.

• Exclude by File Age
  You can use this powerful mechanism to potentially increase performance, particularly for On-Demand Scans, with little risk.
  
  Example
  Perform a full scan to set a date baseline, then configure a task to scan all files but exclude files modified x days or more ago, and schedule the scan to run every x days.
  If x = 2, only files modified within the last 2 days will be scanned.
  
   
• Exclusions for Select Processes Only
  
  • You might need to exclude a folder that gets a lot of file I/O traffic, but the risk of exposing this folder for all processes is felt to be too high.
  • Lessen the risk by utilizing VirusScan Enterprise multiple scanning profiles, termed Default Processes, High-Risk Processes and Low-Risk processes.
  • Add the desired process into a specific profile (High-Risk or Low-Risk) and configure the exclusion for that profile. Only the processes listed in that profile will exclude the specified file or folder.

For ProcMon download and information, see KB72766.