Endpoint Security and VirusScan Enterprise exclusions for Data Loss Prevention Endpoint to improve performance

Technical Articles ID: KB68520
Last Modified: 1/27/2020

Environment

McAfee Data Loss Prevention (DLP) Endpoint 11.x
McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee VirusScan Enterprise (VSE) 8.x

Summary

After you install DLP Endpoint, if the scanning significantly affects your system performance, you might need to exclude DLP Endpoint content from scans. This article contains a list of the DLP Endpoint processes and folders to exclude from being scanned by the ENS or VSE scanning engine.

DLP Endpoint processes to exclude:
Create an on-access scanner low-risk process exclusion for the following DLP Endpoint processes. Disable scanning when writing to or reading from disk.

fcags.exe
fcagte.exe
fcagswd.exe
fcag.exe

NOTE: The default location for these processes is:

C:\Program Files\McAfee\DLP\Agent

DLP Endpoint folder to exclude:
Create an exclusion for the following DLP Endpoint folder:

C:\ProgramData\McAfee\DLP\

DLP Endpoint for Mac folders to exclude:
Create an exclusion for the following DLP Endpoint for Mac folders:

/usr/local/McAfee/DlpAgent/
/etc/cma.d/DATALOSS2000/
/usr/local/McAfee/fmp/config/DlpAgent/

How to configure exclusions in ENS and VSE:
When you configure exclusions, always apply the principle that the more precise the exclusion, the smaller the potential security risk. For instructions to configure exclusions, see the following documentation:

ENS: "Preventing Threat Prevention from blocking trusted programs, networks, and services" section of the Endpoint Security Threat Prevention Product Guide
VSE:
- KB66909 - Consolidated list of Endpoint Security and VirusScan Enterprise exclusion articles
- KB55898 - Understanding VirusScan Enterprise Exclusions
- KB67544 - How to create low-risk and high-risk process exclusions for VirusScan Enterprise 8.x in ePolicy Orchestrator
- KB50998 - How to manage file and folder exclusions in VirusScan Enterprise 8.x using wildcards
- KB61000 - VirusScan Enterprise exclusions and hardware paths (physical address versus logical address)

Affected Products

Configuration
Data Loss Prevention Endpoint 11.4.x
Data Loss Prevention Endpoint 11.3.x
Data Loss Prevention Endpoint 11.2.x
Data Loss Prevention Endpoint 11.1.x
Endpoint Security Threat Prevention 10.7.x
Endpoint Security Threat Prevention 10.6.x
Endpoint Security Threat Prevention 10.5.x
VirusScan Enterprise 8.8

Languages:

This article is available in the following languages:

English United States
Spanish Spain
French
Japanese
Portuguese Brasileiro

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Endpoint Security and VirusScan Enterprise exclusions for Data Loss Prevention Endpoint to improve performance

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Endpoint Security and VirusScan Enterprise exclusions for Data Loss Prevention Endpoint to improve performance

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title