Understanding Endpoint Security scan profiles and how to exclude an application executable from on-access scanning
Technical Articles ID:   KB88595
Last Modified:  12/10/2018


Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.x

Summary

When you configure ENS to exclude files from being scanned, it is important to understand how to use the available options to achieve your goal.

The Endpoint Security Threat Prevention On-Access Scan policy provides three scan profiles to balance security against the performance impact of scanning. The three scan profiles are:
  • Standard processes
  • High Risk processes
  • Low Risk processes
These policies are set for the process only. For example, for Windows File Explorer, the process name Explorer.exe is set as a High Risk process. If the scan policy is set to scan when the process reads and writes, any file that Explorer.exe reads or writes is scanned. In the High Risk process scan policy, you can specify files and folders to exclude from scanning when a High Risk process reads or writes them. As a general security practice, however, do not exclude files and folders containing files with the extensions .exe, .dll, and .sys from scanning.

It is common and recommended to set the Low Risk process scan policy to not scan on a file read or file write. This setting means any file reads and file writes by Low Risk processes are not scanned, and you do not need to specify any scan exclusions for files and folders. 

For information about improving performance when scanning files, see KB88205.

How to exclude an application executable from on-access scanning
To exclude a known and trusted application executable from on-access scanning, put the application executable name in an exclusion. This action prevents the application executable from being scanned and potentially being flagged or blocked and deleted.

How to exclude all file reads/writes by a known and trusted application from on-access scanning
Suppose that you have an internally developed application executable named myApp.exe. If you do not want any file reads and writes by myApp.exe to be scanned, add myApp.exe to the Low Risk process scan policy. Also, set the scan policy to not scan on a file read or write.
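
The following added example (a simplified model written for this article, not McAfee code or an ENS policy format) shows how the accessing process selects the scan profile, and how to review a profile's exclusion list for entries broad enough to skip .exe, .dll, or .sys files. The class names, sample paths, and the use of Python `fnmatch` wildcards in place of ENS's own wildcard syntax are assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

RISKY_EXTS = (".exe", ".dll", ".sys")

@dataclass
class Profile:
    scan_on_read: bool = True
    scan_on_write: bool = True
    exclusions: list = field(default_factory=list)  # file/folder patterns

@dataclass
class OnAccessPolicy:
    profiles: dict     # "standard" / "high" / "low" -> Profile
    assignments: dict  # lower-case process name -> "high" or "low"

    def profile_for(self, process):
        # Processes not listed as High Risk or Low Risk use the Standard profile.
        return self.profiles[self.assignments.get(process.lower(), "standard")]

    def is_scanned(self, process, path, op):
        prof = self.profile_for(process)
        enabled = prof.scan_on_read if op == "read" else prof.scan_on_write
        if not enabled:
            return False  # exclusions are never consulted for this profile
        return not any(fnmatchcase(path.lower(), pat.lower())
                       for pat in prof.exclusions)

def broad_binary_exclusions(profile):
    """Exclusions that would skip any .exe/.dll/.sys file, not one named file."""
    flagged = []
    for pat in profile.exclusions:
        # A trailing backslash means the whole folder, so treat the leaf as "*".
        leaf = pat.lower().rsplit("\\", 1)[-1] or "*"
        if any(fnmatchcase("probe" + ext, leaf) for ext in RISKY_EXTS):
            flagged.append(pat)
    return flagged

# Constructed sample policy (process names and paths are illustrative only).
POLICY = OnAccessPolicy(
    profiles={
        "standard": Profile(),
        "high": Profile(exclusions=[r"C:\Logs\*.log", r"C:\Build\*", r"D:\Tools\*.dll"]),
        "low": Profile(scan_on_read=False, scan_on_write=False),
    },
    assignments={"explorer.exe": "high", "myapp.exe": "low"},
)
```

In this model the same file is scanned when Explorer.exe reads it and not scanned when myApp.exe reads it, and `broad_binary_exclusions` reports the `C:\Build\*` and `D:\Tools\*.dll` entries while leaving `C:\Logs\*.log` alone.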
