How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator

Technical Articles ID: KB67544
Last Modified: 4/28/2020

Environment

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee VirusScan Enterprise (VSE) 8.x

Summary

The VSE on-access scanner scans each file when it is accessed. Because some applications constantly access many files, it might be necessary to create exclusions to improve the performance of these applications.

VSE allows you to set exclusions for individual files, file types, or files accessed by specific processes. Because many applications, such as database programs, write to files in multiple locations, McAfee recommends that you exclude files and folders based on a specific process rather than exclude them for all processes.

Solution

When ePO manages VSE, policies must be modified or created on the ePO server:

IMPORTANT: When you modify or create policies, use the drop-down list to select Workstation or Server. Any policy changes must be made separately for servers and workstations.

Log on to the ePO console.
Click Menu, Policy, Policy Catalog.
Select the appropriate version of VirusScan Enterprise from the Product drop-down list.
Select On-Access Default Processes Policies from the Category drop-down list.
Click a policy to edit.
Select Configure different scanning policies for high-risk, low-risk, and default processes.
Click Save.
Select On-Access High-Risk Processes Policies or On-Access Low-Risk Processes Policies from the Category drop-down list.
Click a policy to edit.
Click the High Risk Processes or Low-Risk Processes tab. Add or delete processes as wanted by clicking the Add or Remove button.
Click the Scan Items tab, and then deselect any or all options in the Scan files section.

NOTE: It is usually sufficient to disable When reading from disk. But, database servers also perform many write operations. In some environments, it might be necessary to disable the When writing to disk option as well.
Click the Exclusions tab and ensure that you add any exclusions previously created under Default processes to the High Risk Processes (or Low-Risk Processes).

NOTE: If you have high and low-risk enabled, any exclusions previously stored in Default processes are not applied to the High Risk Processes or Low-Risk Processes policy.
Click Save.

Example scenario

If an application reads numerous uniquely named files from the same folder many times per second, scanning on every read action can have a negative impact on system performance. (An application can read numerous files from the same folder when the ePO server processes XML file Events received from the environment.) If you add the process that performs the work, EventParser.exe, to the Low-Risk profile and configure that profile to exclude the Events folder, you could improve system performance with minimal to no risk. (Or, you can configure that profile to exclude the file type of the events.) The reason is because the exclusion would apply only to the EventParser.exe process and any other processes that have been added to the Low-Risk profile.

You can also specify that the exclusion applies only to either Read or Write actions. But, the performance gain might not be as significant.

Previous Document ID

KB47617

Affected Products

Configuration
VirusScan Enterprise 8.8

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator

Environment

Summary

Solution

Previous Document ID

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Knowledge Center

How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator

Environment

Summary

Solution

Previous Document ID

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title