Community Help Hub

User29439975 · ‎02-03-2020

Hi, I am performing ePO policy cleanup as part of Health Report recommendations. I have exported all ENS policies manually as there is no bulk export functionality in ePO and cripted XML parser to agregate all the policy settings in one CSV. Now I am trying to relate XML exported settings with GUI settings. Some of them are self-explanatory but some of them I just can't find. I didn't find any KB or article from McAfee. Does anybody know how can I relate exported XML settings with GUI? E.g. What setting in XML file represents Endpoint Security Threat Prevention -> On-Access Scan -> Low-Risk Processes > Settings -> File types to scan Thank you!

Former Member · ‎02-04-2020

As mentioned, the setting you are looking for would be here:

LowRisk-Detection

szProgExts

However it won't give you a 1 or 0 value because the output is a list of file types.

View solution in original post

Former Member · ‎02-04-2020

Hi @User29439975

We don't have this documented anywhere I'm afraid. Your best option would be to open the xml in something easily searchable i.e. Notepad++ and look for something specific within that setting i.e. if you are looking for "Low-Risk Processes" then search for one of your defined low risk processes and you'll find the right section.

For Endpoint Security Threat Prevention -> On-Access Scan -> Low-Risk Processes > Settings, you'll want to look at:

User29439975 · ‎02-04-2020

Hi chealey ,

Thank you for quick reply.

Yes, that was my approached but I still was not able to identofy those.

Some of the settings are self explanatory and can be identified easily like:

bScanArchives	for "Compressed archieve files"
bScanBackupReads	for "Opened for backup"
bScanMime	for "Compressed MIME-encoded files"

But I can't relate anything with "File types to scan".

Is there anything you identiy?

Section	Setting	Value
LowRisk-Detection	bApplyNVP	1
LowRisk-Detection	bNetworkScanEnabled	0
LowRisk-Detection	bScanArchives	0
LowRisk-Detection	bScanBackupReads	0
LowRisk-Detection	bScanMime	0
LowRisk-Detection	bScanReading	1
LowRisk-Detection	bScanWriting	1
LowRisk-Detection	bUnknownMacroHeuristics	0
LowRisk-Detection	bUnknownProgramHeuristics	0
LowRisk-Detection	extensionMode	1
LowRisk-Detection	szProgExts
LowRisk-Detection	uAction	1
LowRisk-Detection	uAction_Program	1
LowRisk-Detection	uScanErrorAction	4
LowRisk-Detection	uSecAction	2
LowRisk-Detection	uSecAction_Program	2
LowRisk-Detection	uTimeOutAction	4

Former Member · ‎02-04-2020

As mentioned, the setting you are looking for would be here:

LowRisk-Detection

szProgExts

However it won't give you a 1 or 0 value because the output is a list of file types.

User29439975 · ‎02-04-2020

Thank you. Didn't get that from first post 🙂

User29439975 · ‎07-10-2020

Hey Guys,

Is there any dictionary that describes what policy export XML settings/tags stand for?

Eg. I have a number of excluded folders under ENS On-Access Scan in my policies. In exported XML file exclusions are listed in the following format:

It seems that:

3|3 stands for - Read/Write, Subfolders excluded "No"
3|7 stands for - Read/Write, Subfolders excluded "Yes"
4|3 stands for - Read/Write, Subfolders excluded "Yes"
3|6 stands for - Read, Subfolders excluded "No"
0|3 stands for - Modified 90 or more days ago

But this is only speculation. Is there any full list of available options?

AHal · ‎03-17-2023

Hi all,

I am having this same problem aswell.

Is there any document that translates the XML settings as to what is in the GUI? Some of them are obvious, others not.

Many thanks.

Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Re: Match XML policy exports with GUI setting names

Community Help Hub

Join the Community