cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 2
‎09-06-2017 10:33 AM

Understand Low Risk and Whitelisting

Pretty new to this and I'm trying to understand how best to install and implement a security application on all of our endpoints.  This will be done with EPO eventually, but for now I'm just using the VirusScan Console.  The application states the following: List agent executable files as low-risk processes.  I assume this is referring to On-Access scanner and if the process is named yyy.exe it would just be listed in the processes tab? Under Scan Items tab I assume you would uncheck "When writing to disk" and "When reading from disk" so that when the process touches files they will not be scanned?  Does this seem correct?  How does the exclusions tab fit in with this?

Second, the application document states: It is a good idea to whitelist or exclude associated application files from real-time scanning and behavioral analysis.  It lists a number of files to Whitelist:

%ProgramFiles%\yyyy\xxxx\xxx.dll

%ProgramFiles(x86)%\yyyy\xxxx\xxx..sys

.... etc

What's the best way to whitelist these files?  I'm not sure where to do it so that full scans and onaccess scans will not touch them. Can this just go in the exclusions for the Default Processes tab on the On-Access scanner tab.

0 Kudos
Reply
1 Reply
spederse
Employee
Employee
Report Inappropriate Content
Message 2 of 2
‎09-07-2017 01:32 PM

Re: Understand Low Risk and Whitelisting

Why some processes should be added to low-risk exclusions

https://kc.mcafee.com/corporate/index?page=content&id=KB66036

Understanding High-Risk, Low-Risk, and Default processes configuration and usage

https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Great video which provides information about how to use Low Risk Process Policy in VirusScan Enterprise for performance optimization and reducing the need for file and folder exclusions. This video is not new, but the use of Low Risk Process Policy is often misunderstood.

https://kc.mcafee.com/content/tutorials/vse/Public_Hi-LoRiskProfiles.html

The VSE Low Risk process description for DLPE:

https://kc.mcafee.com/corporate/index?page=content&id=KB68520

General document.

https://kc.mcafee.com/corporate/index?page=content&id=KB66909

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC