Our developers use a tool called yarn to manage our Node packages and their dependencies - every github repo needs somewhere between 800 ~ 2000 node packages from yarnpkg and about 10 packages from github. We have been using Webroot managed by a thrid party and I am bringing AV in house with McAfee to reduce costs. We are using MVISION ePO and have deployed all the Mac agents and the Endpoint security for Windows. The only developer I deployed to so far is a Mac. The 2 windows machines are not developers but I do have developers on Windows. Other than going line by line and killing policies, I am hoping to get some direction where I can mark things as safe. I am not seeing any settings that will accept a URL and we are do not use file shares only cloud repositories.

I am looking for any direction I can.