Loading...

Knowledge Center


How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator
Technical Articles ID:   KB67544
Last Modified:  4/6/2017
Rated:


Environment

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee VirusScan Enterprise (VSE) 8.x

Summary

The VSE On-Access Scanner scans each file when it is accessed. Because some applications constantly access a large number of files, it may be necessary to create exclusions to improve the performance of these applications.
 
VSE allows you to set exclusions for individual files, file types, or files accessed by specific processes. Because many applications (such as database programs) write to files in multiple locations, excluding files and folders based on a specific process instead of excluding them for all processes is recommended.

Solution

When VSE is managed by ePO, policies must be modified or created on the ePO server:
 
IMPORTANT: When you modify or create policies, use the drop-down menu to select Workstation or Server. Any policy changes must be made separately for servers and workstations.
  1. Log on to the ePO console.
  2. Click MenuPolicyPolicy Catalog.
  3. Select the appropriate version of VirusScan Enterprise from the Product drop-down menu.
  4. Select On-Access Default Processes Policies from the Category drop-down menu.
  5. Click a policy to edit.
  6. Select Configure different scanning policies for high-risk, low-risk, and default processes.
  7. Click Save.
  8. Select On-Access High-Risk Processes Policies or On-Access Low-Risk Processes Policies from the Category drop-down menu.
  9. Click a policy to edit.
  10. Click the High Risk Processes (or Low-Risk Processes) tab, and add or delete processes as desired by clicking the Add or Remove button.
  11. Click the Scan Items tab, and then deselect any or all of the options in the Scan files section.

    NOTE: It is generally sufficient to disable When reading from disk. However, database servers also perform many write operations. In some environments it may be necessary to disable the When writing to disk option as well.
     
  12. Click the Exclusions tab and ensure that you add any exclusions previously created under Default processes to the High Risk Processes (or Low-Risk Processes). 

    NOTE: If you have high and low-risk enabled, any exclusions previously stored in Default processes will not be applied to the High Risk Processes or Low-Risk Processes policy.
     
  13. Click Save.

Example scenario

If an application reads numerous uniquely named files from the same folder many times per second (such as when the ePO server processes XML file Events received from the environment), scanning on every read action can have a negative impact on system performance. If you add the process that performs the work (EventParser.exe) to the Low-Risk profile and configure that profile to exclude the Events folder (or the file type of the events themselves), you could improve system performance with minimal to no risk, because the exclusion would apply only to the EventParser.exe process (and any other processes that have been added to the Low-Risk profile). 

You can also specify that the exclusion applies only to either Read or Write actions; however, the performance gain may not be as significant.

Previous Document ID

KB47617

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.