Setup guide

McAfee ePO
Advanced Suite Installer Product Guide
1 Click the System Tree button on the favorites bar.
2 Highlight the SQL Servers group.
3 Click the Assigned Policies tab.
4 From the Product drop-down menu, select VirusScan Enterprise 8.8.0.
5 On the line that lists On-Access Default Processes Policies, click Edit Assignment.
6 For Inherit from, select Break inheritance and assign the policy and settings below.
7 From the Assigned Policy drop-down menu, select EASI Default: MS SQL Servers.
8 Click Save.
Follow these steps to assign the Low-Risk Processes Policy to the SQL Servers group.
1 Click the System Tree button on the favorites bar.
2 Highlight the SQL Servers group.
3 Click the Assigned Policies tab.
4 From the Product drop-down menu, select VirusScan Enterprise 8.8.0.
5 On the line that lists On-Access Low-Risk Processes Policies, click Edit Assignment.
6 For Inherit from, select Break inheritance and assign the policy and settings below.
7 From the Assigned Policy drop-down menu, select EASI Low: MS SQL Servers.
8 Click Save.
Here’s another way of looking at the type of policies you just assigned.
A Low Risk Processes policy has process exclusions specific to the system type to which it is
being deployed. In other words, VirusScan might scan little or nothing for a select group of low-
risk processes as configured, such as sqlserver.exe and sqlwriter.exe.
A Default Processes policy has common file & directory exclusions specific to the system type to
which it is being deployed. File reads and writes by any process not classified as Low-Risk will
trigger normal file scanning, except on the database and other key files and directories, i.e., your
standard AV exclusions.
Quick Tip: Standard desktops and file servers might use a Default-only policy, as process exclusions
are not typically required. You can get additional information on Risk-Based Scanning from the McAfee
Knowledgebase articles KB55139 and KB66036, and the McAfee Quick Tips video What is Risk Based
Scanning?.
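The two-policy evaluation described above, modelled as an added example (not McAfee code and not the contents of the EASI policies). The RiskBasedPolicy class, the directory and file-type exclusions, and the sample events are constructed assumptions; only the two process names come from this guide.

```python
import ntpath  # Windows path semantics, usable on any OS
from dataclasses import dataclass

@dataclass
class RiskBasedPolicy:
    """Simplified model of Low-Risk plus Default on-access policies."""
    low_risk_processes: frozenset = frozenset({"sqlserver.exe", "sqlwriter.exe"})
    excluded_dirs: tuple = (r"D:\SQLData", r"E:\SQLLogs")  # hypothetical paths
    excluded_exts: tuple = (".mdf", ".ldf", ".ndf")        # hypothetical file types
    low_risk_scans: bool = False  # assumption: low-risk processes scan nothing

    @staticmethod
    def _norm(path):
        # Collapse "..", unify slashes and case before any comparison
        return ntpath.normcase(ntpath.normpath(path))

    def _in_excluded_dir(self, file_path):
        p = self._norm(file_path)
        # Match whole components: D:\SQLDataBackup must not match D:\SQLData
        return any(p == d or p.startswith(d + "\\")
                   for d in map(self._norm, self.excluded_dirs))

    def decide(self, process_path, file_path):
        """Return (scanned, reason) for one file read or write."""
        proc = ntpath.basename(self._norm(process_path))
        if proc in self.low_risk_processes:
            # The Low-Risk policy follows the process, whatever file it touches
            return self.low_risk_scans, "low-risk process"
        if self._in_excluded_dir(file_path):
            return False, "default: excluded directory"
        if ntpath.splitext(self._norm(file_path))[1] in self.excluded_exts:
            return False, "default: excluded file type"
        return True, "default: normal scanning"

# Constructed file-access events: (process image, file touched)
EVENTS = [
    (r"C:\SQL\Binn\sqlserver.exe", r"D:\SQLData\sales.mdf"),
    (r"C:\SQL\Binn\sqlserver.exe", r"C:\Temp\report.exe"),
    (r"C:\Windows\explorer.exe", r"D:\SQLData\sales.mdf"),
    (r"C:\Windows\explorer.exe", r"D:\SQLDataBackup\tool.exe"),
    (r"C:\Office\winword.exe", "d:/sqldata/../Users/a/doc.docx"),
    (r"C:\Windows\explorer.exe", r"C:\Users\a\copy.MDF"),
]

def evaluate(events, policy=None):
    policy = policy or RiskBasedPolicy()
    return [policy.decide(proc, path) for proc, path in events]

if __name__ == "__main__":
    for (proc, path), (scanned, reason) in zip(EVENTS, evaluate(EVENTS)):
        print(f"{'SCAN' if scanned else 'SKIP'}  {reason:<28} {ntpath.basename(proc)} -> {path}")
```

In this model the second event is skipped even though the file is an executable outside the database directories, so the contents of the low-risk process list determine how much activity goes unscanned.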
Host IPS policies
Please note that McAfee Host IPS has two main components: kernel-level IPS protection and a firewall.
The McAfee EPS suite contains the firewall only, while the EPA suite contains both components. If you
are evaluating the EPS suite, skip to the section entitled Host IPS Firewall.
The main function of McAfee Host IPS is to protect systems against known and unknown attacks. This is
often achieved without an update to the software, by use of patented buffer overflow and other
behavioral protection. It has the additional benefit of reducing the urgency and frequency of patching by
protecting vulnerabilities from exploit even before a patch has been applied. Consider the time spent on
patching within your organization. By deploying Host IPS, many of those vulnerabilities would be
protected from exploit, allowing you to patch on a more reasonable schedule. For example, McAfee Host
IPS protected against 60% of all exploits against Microsoft vulnerabilities, and nearly 75% of all exploits
against Adobe vulnerabilities, disclosed between 2006 and 2011. Also consider the Host IPS ability to
protect systems against exploit on those occasions when a new vulnerability exists but the corresponding
patch is not yet available.