Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting McAfee exclusions via ePO Server

Posted on 2008-10-09
7
Medium Priority
?
9,183 Views
Last Modified: 2013-12-09
Hi

We are running McAfee ePO server 4.0 and VirusScan client 8.5

I have some servers that need to be brought online shortly. The applications that are held on them need some specific exclusions set as regards AV scanning, otherwise they will become corrupt.

I was thinking of creating a container in the McAfee EPO server, creating a policy that excludes the appropriate files/folders, and then applying this policy to the container.

Is this the correct way of doing things? Or is it better to create the exclusions locally on the McAfee client on the servers themselves?

What I'm worried is that once McAfee is installed on these servers, it will instantly start scanning before the client has the chance to download and apply the correct policy from the ePO server.

Can anyone confirm what the process is?

This is an urgent question, so max points!

Cheers!
0
Comment
Question by:kam_uk
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:legalsrl
ID: 22690206
Evening kam

McAfee scanning shouldn't corrupt any files, what programs are you talking about

I would personally set exclusions for scanning the specific directory structures through an exclusion policy

Once you have installed the ePO agent, it will download the latest policies before installing the scanning software

Is that clear ?  I know it's Friday night and it might not make much sense

Cheers
Si
0
 

Expert Comment

by:outerheaven
ID: 22691231
what would recomend first, the process on the on access scanner is the McShield.exe, the recommended thing would be to do the exclusion from epo, and make them general to the organization it doesnt matter,  to ensure that the On Access Scanner is not enabled on the deployment there a section below each product that says command line options, in that box there you can type this
ENABLEONACCESSSCANNER= FALSE
and the on access scanner will be disabled on the installation and will be enabled upon the next agent policy enforcement interval.
the exclusions will be applied till the agent makes the enxt agent to server communication.
i work for mcafee, if i can help on any other way, dont hesitate im open to questions!!!
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 800 total points
ID: 22693219
What I'm concerned about with the above method, is that, yes, you are disabling the on-access scanner, but that is only the on-access scanner.

I would deploy the ePO agent first, so it has time to pick up the policies prior to deploying VSE as disabling the on-access scanner as above will not prevent VSE from scanning the entire machine when the software is deployed, which is what Kam wants to do

If you set the exclusion and then, say, an hour later, deploy the antivirus, then the policy will be picked up first, and McAfee will know where and what, it can and can't scan.

outerheaven, do you work for McAfee in the US or the UK ?

Cheers
Si
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 

Accepted Solution

by:
outerheaven earned 1200 total points
ID: 22694106
All the other modules of antivirus depend on the On Access Scanner if disable the on access scanner the buffer overflow and access protection will also be disabled, the only way the pc will be scanned is through an on demand scan, you first have to send the agent then the agent will install the antivirus he has the policies the only thing is that when he first installs the antivirus the policies from epo are not set this is why i disable the on access scanner first on the next policy enforcement the agent will set the policies and enable the on access scanner. and i work on the  US
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 22694469
Hiya

Nice to meet you outerheaven, hope to have you on here more !

Cheers
Si
0
 

Expert Comment

by:outerheaven
ID: 22706135
thanks dude!!!  im a newbie here thanks for the welcome
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 22706518
Outer, we can soooo use your knowledge here, please dont' go anywhere !!!

It's always good to have a manufacturer contact here so I've very pleased to meet you !

Cheers
Si
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question