Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4628
  • Last Modified:

Creating Exceptions in McAfee VirusScan Enterprise 8.5.0i

We have McAfee VirusScan Enterprise 8.5.0i running on a Windows 2003 server as well as 7 workstations running Windows XP Pro.

Our main database application (a specialty optometrist office management program called MaximEyes which is based on FileMaker Pro) has been running much more slowly than usual lately.

We spoke to tech support at the company that makes the database application and they said that the application may be getting slowed down by our Antivirus and that we should try setting an exception or exclusion for their program so that it will not be constantly monitored by the antivirus.

Is there a way to do this in McAfee VirusScan Enterprise 8.5.0i?
1 Solution
Does this program connect to the internet regularly?

If yes, then the slow down is probably caused by the firewall. You may be able to create an exception by going to control panels>security center (I am a not sure if the security center button in there in v2003)

If no, which is most likely, then (assuming that tech support is correct about the anti virus, and they are not trying to blame their slow program on something else) it is probably the 'live monitoring' part of the anti-virus program that is causing problems. They best thing to do would be to turn this off and set up regular scans of the computer.
Yes, McAfee can have exclusions set.
If this is centrally managed, you can you use the ePolicy Orchestrator Console (ePO), if not, you'll need to configure each client individually.
To do this:
1. Launch the VirusScan console and double click on "On Access Scanner"
2. Select the "default processes" icon and select the "Detection" tab
3.  Under "what not to scan", click "exlcusions" and set up your exclusions appropriately

If it's like SQL, exclude all the database and log type files from both read and write

If the vendor is unsure of what needs to be excluded, you can:
1. use the sysinternals tool filemon to help.  Anything you see that has a high rate of reads and writes (i.e. pagefile.sys) can be exlcuded
2. check for files that you know are open and have not had the date modified time stamp modified since the program started - a good example of this is SQL server's database files (*.mdf) as these are locked open and are only updated as such when the SQL server service is stopped

anuneznycAuthor Commented:
Excellent thorough answer! Thank you.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now