Setting McAfee exclusions via ePO Server

Hi

We are running McAfee ePO server 4.0 and VirusScan client 8.5

I have some servers that need to be brought online shortly. The applications that are held on them need some specific exclusions set as regards AV scanning, otherwise they will become corrupt.

I was thinking of creating a container in the McAfee EPO server, creating a policy that excludes the appropriate files/folders, and then applying this policy to the container.

Is this the correct way of doing things? Or is it better to create the exclusions locally on the McAfee client on the servers themselves?

What I'm worried is that once McAfee is installed on these servers, it will instantly start scanning before the client has the chance to download and apply the correct policy from the ePO server.

Can anyone confirm what the process is?

This is an urgent question, so max points!

Cheers!
LVL 3
kam_ukAsked:
Who is Participating?
 
outerheavenConnect With a Mentor Commented:
All the other modules of antivirus depend on the On Access Scanner if disable the on access scanner the buffer overflow and access protection will also be disabled, the only way the pc will be scanned is through an on demand scan, you first have to send the agent then the agent will install the antivirus he has the policies the only thing is that when he first installs the antivirus the policies from epo are not set this is why i disable the on access scanner first on the next policy enforcement the agent will set the policies and enable the on access scanner. and i work on the  US
0
 
legalsrlCommented:
Evening kam

McAfee scanning shouldn't corrupt any files, what programs are you talking about

I would personally set exclusions for scanning the specific directory structures through an exclusion policy

Once you have installed the ePO agent, it will download the latest policies before installing the scanning software

Is that clear ?  I know it's Friday night and it might not make much sense

Cheers
Si
0
 
outerheavenCommented:
what would recomend first, the process on the on access scanner is the McShield.exe, the recommended thing would be to do the exclusion from epo, and make them general to the organization it doesnt matter,  to ensure that the On Access Scanner is not enabled on the deployment there a section below each product that says command line options, in that box there you can type this
ENABLEONACCESSSCANNER= FALSE
and the on access scanner will be disabled on the installation and will be enabled upon the next agent policy enforcement interval.
the exclusions will be applied till the agent makes the enxt agent to server communication.
i work for mcafee, if i can help on any other way, dont hesitate im open to questions!!!
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
legalsrlConnect With a Mentor Commented:
What I'm concerned about with the above method, is that, yes, you are disabling the on-access scanner, but that is only the on-access scanner.

I would deploy the ePO agent first, so it has time to pick up the policies prior to deploying VSE as disabling the on-access scanner as above will not prevent VSE from scanning the entire machine when the software is deployed, which is what Kam wants to do

If you set the exclusion and then, say, an hour later, deploy the antivirus, then the policy will be picked up first, and McAfee will know where and what, it can and can't scan.

outerheaven, do you work for McAfee in the US or the UK ?

Cheers
Si
0
 
legalsrlCommented:
Hiya

Nice to meet you outerheaven, hope to have you on here more !

Cheers
Si
0
 
outerheavenCommented:
thanks dude!!!  im a newbie here thanks for the welcome
0
 
legalsrlCommented:
Outer, we can soooo use your knowledge here, please dont' go anywhere !!!

It's always good to have a manufacturer contact here so I've very pleased to meet you !

Cheers
Si
0
All Courses

From novice to tech pro — start learning today.