After you install DLP Endpoint, if scanning significantly affects your system performance, you might need to exclude DLP Endpoint content from scans. This article contains a list of the DLP Endpoint processes and folders to exclude from being scanned by the ENS or VSE scanning engine.
DLP Endpoint processes to exclude:
Create an on-access scanner low-risk process exclusion for the following DLP Endpoint processes. Disable scanning when writing to or reading from disk.
- fcags.exe
- fcagte.exe
- fcagswd.exe
- fcag.exe
NOTE: The default location for these processes is:
C:\Program Files\McAfee\DLP\Agent
DLP Endpoint folder to exclude:
Create an exclusion for the following DLP Endpoint folder:
C:\ProgramData\McAfee\DLP\
DLP Endpoint for Mac folders to exclude:
Create an exclusion for the following DLP Endpoint for Mac folders:
/usr/local/McAfee/DlpAgent/
/etc/cma.d/DATALOSS2000/
/usr/local/McAfee/fmp/config/DlpAgent/
How to configure exclusions in ENS and VSE:
When configuring exclusions, always apply the principle that the more precise the exclusion, the smaller the potential security risk. For instructions to configure exclusions, see the following documentation:
- ENS: "Preventing Threat Prevention from blocking trusted programs, networks, and services" section of the Endpoint Security 10.6.x Threat Prevention Product Guide (ePO managed).
- VSE:
- KB66909 - Consolidated list of Endpoint Security and VirusScan Enterprise exclusion articles
- KB55898 - Understanding VirusScan Enterprise Exclusions
- KB67544 - How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator
- KB50998 - How to manage file and folder exclusions in VirusScan Enterprise 8.x using wildcards
- KB61000 - VirusScan Enterprise exclusions and hardware paths (physical address versus logical address)
