Solved

Setting McAfee exclusions via ePO Server

Posted on 2008-10-09
7
8,615 Views
Last Modified: 2013-12-09
Hi

We are running McAfee ePO server 4.0 and VirusScan client 8.5

I have some servers that need to be brought online shortly. The applications that are held on them need some specific exclusions set as regards AV scanning, otherwise they will become corrupt.

I was thinking of creating a container in the McAfee EPO server, creating a policy that excludes the appropriate files/folders, and then applying this policy to the container.

Is this the correct way of doing things? Or is it better to create the exclusions locally on the McAfee client on the servers themselves?

What I'm worried is that once McAfee is installed on these servers, it will instantly start scanning before the client has the chance to download and apply the correct policy from the ePO server.

Can anyone confirm what the process is?

This is an urgent question, so max points!

Cheers!
0
Comment
Question by:kam_uk
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:legalsrl
ID: 22690206
Evening kam

McAfee scanning shouldn't corrupt any files, what programs are you talking about

I would personally set exclusions for scanning the specific directory structures through an exclusion policy

Once you have installed the ePO agent, it will download the latest policies before installing the scanning software

Is that clear ?  I know it's Friday night and it might not make much sense

Cheers
Si
0
 

Expert Comment

by:outerheaven
ID: 22691231
what would recomend first, the process on the on access scanner is the McShield.exe, the recommended thing would be to do the exclusion from epo, and make them general to the organization it doesnt matter,  to ensure that the On Access Scanner is not enabled on the deployment there a section below each product that says command line options, in that box there you can type this
ENABLEONACCESSSCANNER= FALSE
and the on access scanner will be disabled on the installation and will be enabled upon the next agent policy enforcement interval.
the exclusions will be applied till the agent makes the enxt agent to server communication.
i work for mcafee, if i can help on any other way, dont hesitate im open to questions!!!
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 200 total points
ID: 22693219
What I'm concerned about with the above method, is that, yes, you are disabling the on-access scanner, but that is only the on-access scanner.

I would deploy the ePO agent first, so it has time to pick up the policies prior to deploying VSE as disabling the on-access scanner as above will not prevent VSE from scanning the entire machine when the software is deployed, which is what Kam wants to do

If you set the exclusion and then, say, an hour later, deploy the antivirus, then the policy will be picked up first, and McAfee will know where and what, it can and can't scan.

outerheaven, do you work for McAfee in the US or the UK ?

Cheers
Si
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Accepted Solution

by:
outerheaven earned 300 total points
ID: 22694106
All the other modules of antivirus depend on the On Access Scanner if disable the on access scanner the buffer overflow and access protection will also be disabled, the only way the pc will be scanned is through an on demand scan, you first have to send the agent then the agent will install the antivirus he has the policies the only thing is that when he first installs the antivirus the policies from epo are not set this is why i disable the on access scanner first on the next policy enforcement the agent will set the policies and enable the on access scanner. and i work on the  US
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 22694469
Hiya

Nice to meet you outerheaven, hope to have you on here more !

Cheers
Si
0
 

Expert Comment

by:outerheaven
ID: 22706135
thanks dude!!!  im a newbie here thanks for the welcome
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 22706518
Outer, we can soooo use your knowledge here, please dont' go anywhere !!!

It's always good to have a manufacturer contact here so I've very pleased to meet you !

Cheers
Si
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now