Loading...

Knowledge Center

How to create Low-Risk and High-Risk process exclusions in VirusScan Enterprise
Technical Articles ID:   KB58692
Last Modified:  5/11/2016
Rated:

Environment

McAfee VirusScan Enterprise (VSE) 8.8

Summary

The VirusScan Enterprise (VSE) On-Access Scanner scans every file when it is accessed. Because some applications constantly access a high number of files, it can be necessary to set exclusions to improve the performance of these applications. This does not have to lower the security of your system; VSE allows you to set very specific exclusions. Because many applications such as database programs write to files in multiple locations, it is generally best to exclude files and folders based on a specific process instead of excluding them for all processes.

Problem

System performance degrades when certain files are scanned.

Solution

Exclusions can be set locally (if the software is installed as stand-alone) or through the appropriate management program (ePO).

For stand-alone installations:
  1. Open the VirusScan Console.
  2. Right-click On-Access Scanner and select Properties.
  3. Select All Processes.
  4. Select Low-Risk Processes.
  5. On the Processes tab, click Add and use the list or browse to the application you want to include as a Low-Risk Process.
  6. In the Detection tab, deselect any or all of the options in the Scan Files section.

    NOTE: It is generally sufficient to disable When reading from disk. However, database servers also perform many write operations. In some environments you may also need to disable the option When writing to disk.
     
  7. Select High-Risk Processes.
  8. On the Processes tab, click Add and use the list or browse to the application you want to include as a High-Risk Process.

    NOTE: Ensure you add any exclusions previously created in the Default processes to the High-Risk Processes

    If you have high-risk and low-risk enabled, any exclusions previously stored in Default processes will not be applied to the high-risk processes policy.

For ePO managed installations:
  1. Log on to the ePO console.
  2. Click Menu, Policy, Policy Catalog.
  3. Select VirusScan Enterprise from the Product drop-down menu.
  4. Select On-Access Default Processes Policies from the Category drop-down menu.
  5. Select a policy, then select Configure different scanning policies for high-risk, low-risk, and default processes and click Save.
  6. Select On-Access High-Risk Processes Policies or On-Access Low-Risk Processes Policies from the Category drop-down menu.
  7. Select a policy, then click the High Risk Processes (or Low Risk Processes) tab, and add or delete processes as desired by clicking Add, Edit, or Remove.
  8. Click the Scan Items tab, then de-select any or all of the options in the scan files section.

    NOTE: It is generally sufficient to disable When reading from disk. However, database servers also perform many write operations. In some environments it may be necessary to disable the When writing to disk option as well.

  9. Click the Exclusions tab and ensure that you add any exclusions previously created under Default processes to the High-Risk Processes (or Low Risk Processes).

    NOTE: If you have high and low-risk enabled, any exclusions previously stored in Default processes will not be applied to the High-Risk or Low Risk Processes policy.

  10. Save your changes.

Related Information

For information about:
  • Understanding High-Risk, Low-Risk, and Default processes configuration and usage, see KB55139
  • Understanding VirusScan Enterprise exclusions, see KB55898.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.