When ePO manages VSE, policies must be modified or created on the ePO server:
IMPORTANT: When you modify or create policies, use the drop-down list to select Workstation or Server. Any policy changes must be made separately for servers and workstations.
- Log on to the ePO console.
- Click Menu, Policy, Policy Catalog.
- Select the appropriate version of VirusScan Enterprise from the Product drop-down list.
- Select On-Access Default Processes Policies from the Category drop-down list.
- Click a policy to edit.
- Select Configure different scanning policies for high-risk, low-risk, and default processes.
- Click Save.
- Select On-Access High-Risk Processes Policies or On-Access Low-Risk Processes Policies from the Category drop-down list.
- Click a policy to edit.
- Click the High Risk Processes or Low-Risk Processes tab. Add or delete processes as needed by clicking the Add or Remove button.
- Click the Scan Items tab, and then deselect any or all options in the Scan files section.
NOTE: It’s usually sufficient to disable When reading from disk. But, database servers also perform many write operations. In some environments, it might be necessary to disable the When writing to disk option as well.
- Click the Exclusions tab and make sure that you add any exclusions previously created under Default processes to the High Risk Processes (or Low-Risk Processes).
NOTE: If you have high- and low-risk enabled, any exclusions previously stored in Default processes are not applied to the High Risk Processes or Low-Risk Processes policy.
- Click Save.
Example scenario
If an application reads numerous uniquely named files from the same folder many times per second, scanning on every read action can have a negative impact on system performance. (An application can read numerous files from the same folder when the ePO server processes XML file Events received from the environment.) If you add the process that performs the work,
EventParser.exe, to the
Low-Risk profile and configure that profile to exclude the
Events folder, you can improve system performance with minimal to no risk. (Or, you can configure that profile to exclude the file type of the events.) The reason is because the exclusion applies only to the
EventParser.exe process and any other processes that have been added to the Low-Risk profile.
You can also specify that the exclusion applies only to either
Read or
Write actions. But, the performance gain might not be as significant.