Loading...

Knowledge Center

Print
How to create Low-Risk and High-Risk process exclusions in VirusScan Enterprise
Technical Articles ID:  KB58692
Last Modified:  8/21/2012
Rated:

Environment

 

Problem

How do I exclude from scanning file operations that are initiated by specific processes?

Cause

The VirusScan Enterprise (VSE) On-Access Scanner scans every file when it is accessed. Because some applications constantly access a high number of files, it can be necessary to set exclusions to improve the performance of these applications. This does not have to lower the security of your system; VSE allows you to set very specific exclusions. Because many applications such as database programs write to files in multiple locations, it is generally best to exclude files and folders based on a specific process instead of excluding them for all processes.

Solution 1

VirusScan Enterprise 8.5i and later (unmanaged / standalone installations)

Exclusions can be set locally (if the software is installed as a standalone) or through the appropriate management program (ePO).
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Right-click On-Access Scanner and select Properties.
  3. Select All Processes, then enable the appropriate option: 
     
    Configure different scanning policies for high-risk, low-risk and default processes for VSE 8.7i and later
    Use different settings for high-risk and low-risk processes for VSE 8.5i

    NOTE: If All Processes is not available, this option has already been enabled. 

     
  4. Select Low-Risk Processes.
  5. On the Processes tab, click Add and use the list or browse to the application you wish to include as a Low-Risk Process.
  6. In the Detection tab, deselect any or all of the options in the Scan Files section.

    NOTE: It is generally sufficient to disable When reading from disk. However, database servers also perform many write operations. In some environments you may need to disable the option When writing to disk also.

     
  7. Select High-Risk Processes.
  8. On the Processes tab, click Add and use the list or browse to the application you wish to include as a High-Risk Process.

    NOTE: Ensure you add any exclusions previously created in the Default processes to the High-Risk Processes. If you have high-risk and low-risk enabled, any exclusions previously stored in Default processes will not be applied to the high-risk processes policy.

Solution 2

VirusScan Enterprise 8.5i and later managed by ePolicy Orchestrator

KB67541 - How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePO 4.0
KB67544 - How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.5i / 8.7i in ePO 4.5

Related Information

KB55139 - Understanding High Risk, Low Risk, and Default processes configuration and usage
KB55898 - Understanding Exclusions

Previous Document ID

KB47617

Rate this document

Did this article resolve your issue?

Please provide any comments below

Affected Products


VirusScan Enterprise 8.7i

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.