Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9502
  • Last Modified:

Setting McAfee exclusions via ePO Server

Hi

We are running McAfee ePO server 4.0 and VirusScan client 8.5

I have some servers that need to be brought online shortly. The applications that are held on them need some specific exclusions set as regards AV scanning, otherwise they will become corrupt.

I was thinking of creating a container in the McAfee EPO server, creating a policy that excludes the appropriate files/folders, and then applying this policy to the container.

Is this the correct way of doing things? Or is it better to create the exclusions locally on the McAfee client on the servers themselves?

What I'm worried is that once McAfee is installed on these servers, it will instantly start scanning before the client has the chance to download and apply the correct policy from the ePO server.

Can anyone confirm what the process is?

This is an urgent question, so max points!

Cheers!
0
kam_uk
Asked:
kam_uk
  • 4
  • 3
2 Solutions
 
legalsrlCommented:
Evening kam

McAfee scanning shouldn't corrupt any files, what programs are you talking about

I would personally set exclusions for scanning the specific directory structures through an exclusion policy

Once you have installed the ePO agent, it will download the latest policies before installing the scanning software

Is that clear ?  I know it's Friday night and it might not make much sense

Cheers
Si
0
 
outerheavenCommented:
what would recomend first, the process on the on access scanner is the McShield.exe, the recommended thing would be to do the exclusion from epo, and make them general to the organization it doesnt matter,  to ensure that the On Access Scanner is not enabled on the deployment there a section below each product that says command line options, in that box there you can type this
ENABLEONACCESSSCANNER= FALSE
and the on access scanner will be disabled on the installation and will be enabled upon the next agent policy enforcement interval.
the exclusions will be applied till the agent makes the enxt agent to server communication.
i work for mcafee, if i can help on any other way, dont hesitate im open to questions!!!
0
 
legalsrlCommented:
What I'm concerned about with the above method, is that, yes, you are disabling the on-access scanner, but that is only the on-access scanner.

I would deploy the ePO agent first, so it has time to pick up the policies prior to deploying VSE as disabling the on-access scanner as above will not prevent VSE from scanning the entire machine when the software is deployed, which is what Kam wants to do

If you set the exclusion and then, say, an hour later, deploy the antivirus, then the policy will be picked up first, and McAfee will know where and what, it can and can't scan.

outerheaven, do you work for McAfee in the US or the UK ?

Cheers
Si
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
outerheavenCommented:
All the other modules of antivirus depend on the On Access Scanner if disable the on access scanner the buffer overflow and access protection will also be disabled, the only way the pc will be scanned is through an on demand scan, you first have to send the agent then the agent will install the antivirus he has the policies the only thing is that when he first installs the antivirus the policies from epo are not set this is why i disable the on access scanner first on the next policy enforcement the agent will set the policies and enable the on access scanner. and i work on the  US
0
 
legalsrlCommented:
Hiya

Nice to meet you outerheaven, hope to have you on here more !

Cheers
Si
0
 
outerheavenCommented:
thanks dude!!!  im a newbie here thanks for the welcome
0
 
legalsrlCommented:
Outer, we can soooo use your knowledge here, please dont' go anywhere !!!

It's always good to have a manufacturer contact here so I've very pleased to meet you !

Cheers
Si
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now