Setting McAfee exclusions via ePO Server

Posted on 2008-10-09
Last Modified: 2013-12-09

We are running McAfee ePO server 4.0 and VirusScan client 8.5

I have some servers that need to be brought online shortly. The applications that are held on them need some specific exclusions set as regards AV scanning, otherwise they will become corrupt.

I was thinking of creating a container in the McAfee EPO server, creating a policy that excludes the appropriate files/folders, and then applying this policy to the container.

Is this the correct way of doing things? Or is it better to create the exclusions locally on the McAfee client on the servers themselves?

What I'm worried is that once McAfee is installed on these servers, it will instantly start scanning before the client has the chance to download and apply the correct policy from the ePO server.

Can anyone confirm what the process is?

This is an urgent question, so max points!

Question by:kam_uk
  • 4
  • 3
LVL 16

Expert Comment

ID: 22690206
Evening kam

McAfee scanning shouldn't corrupt any files, what programs are you talking about

I would personally set exclusions for scanning the specific directory structures through an exclusion policy

Once you have installed the ePO agent, it will download the latest policies before installing the scanning software

Is that clear ?  I know it's Friday night and it might not make much sense


Expert Comment

ID: 22691231
what would recomend first, the process on the on access scanner is the McShield.exe, the recommended thing would be to do the exclusion from epo, and make them general to the organization it doesnt matter,  to ensure that the On Access Scanner is not enabled on the deployment there a section below each product that says command line options, in that box there you can type this
and the on access scanner will be disabled on the installation and will be enabled upon the next agent policy enforcement interval.
the exclusions will be applied till the agent makes the enxt agent to server communication.
i work for mcafee, if i can help on any other way, dont hesitate im open to questions!!!
LVL 16

Assisted Solution

legalsrl earned 200 total points
ID: 22693219
What I'm concerned about with the above method, is that, yes, you are disabling the on-access scanner, but that is only the on-access scanner.

I would deploy the ePO agent first, so it has time to pick up the policies prior to deploying VSE as disabling the on-access scanner as above will not prevent VSE from scanning the entire machine when the software is deployed, which is what Kam wants to do

If you set the exclusion and then, say, an hour later, deploy the antivirus, then the policy will be picked up first, and McAfee will know where and what, it can and can't scan.

outerheaven, do you work for McAfee in the US or the UK ?

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.


Accepted Solution

outerheaven earned 300 total points
ID: 22694106
All the other modules of antivirus depend on the On Access Scanner if disable the on access scanner the buffer overflow and access protection will also be disabled, the only way the pc will be scanned is through an on demand scan, you first have to send the agent then the agent will install the antivirus he has the policies the only thing is that when he first installs the antivirus the policies from epo are not set this is why i disable the on access scanner first on the next policy enforcement the agent will set the policies and enable the on access scanner. and i work on the  US
LVL 16

Expert Comment

ID: 22694469

Nice to meet you outerheaven, hope to have you on here more !


Expert Comment

ID: 22706135
thanks dude!!!  im a newbie here thanks for the welcome
LVL 16

Expert Comment

ID: 22706518
Outer, we can soooo use your knowledge here, please dont' go anywhere !!!

It's always good to have a manufacturer contact here so I've very pleased to meet you !


Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Running with UAC disabled.... how bad is that? 6 83
latest list of viruses / malware signatures for F-Secure 5 74
antispam / virus gateway 5 57
Computer has been hijacked? 13 89
So you got the Conficker. You could go to each machine and run the eye chart test (, but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now