Product guide
Configuring file exclusions on Windows Domain Controller
To improve VirusScan Enterprise on-access scan performance, configure exclusions for some
files used by Windows Domain Controller with Active Directory or File Replication Services. Only
the following server operating systems include these files:
• Microsoft Windows 2008
• Microsoft Windows 2003
• Microsoft Windows 2000
CAUTION: This best practice contains information about opening or modifying the registry.
• The following information is intended for System Administrators. Registry modifications are
difficult to restore and could cause system failure if done incorrectly.
• Before proceeding, McAfee strongly recommends backing up your registry and understanding
the restore process. For more information, see: http://support.microsoft.com/kb/256986
• Do not run a .REG file that is not confirmed to be a genuine registry import file.
CAUTION: Where a specific set of files is identified by name for exclusion, exclude only those
files instead of the whole folder to minimize vulnerability. In some cases entire folders must be
excluded. Do not exclude any of these files based on the filename extension. For example, do
not exclude all files with the .dit extension.
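The following Python check is an added example, not part of the McAfee guide. It classifies each entry of an exclusion list against the caution above and reports entries that exclude by extension, by broad wildcard, or by whole folder. The entry format (path strings with * and ? wildcards, folders ending in a backslash) and the sample paths are assumptions constructed for illustration.

```python
import ntpath

WILDCARDS = set("*?")

# Constructed sample entries (not from the guide). The format is assumed:
# Windows path strings, * and ? as wildcards, folders end with a backslash.
SAMPLE_EXCLUSIONS = [
    "%windir%\\ntds\\ntds.dit",   # one file identified by name
    "*.dit",                      # every file with the .dit extension
    "%windir%\\ntds\\*.log",      # extension-based, scoped to one folder
    "%windir%\\ntds\\edb*.log",   # name pattern, broader than a named file
    "%windir%\\ntds\\",           # whole folder
]

ADVICE = {
    "extension": "excludes by filename extension; list the named files instead",
    "wildcard": "pattern matches more than one file; confirm each match is intended",
    "folder": "whole folder; keep only if the folder itself must be excluded",
}


def classify(entry):
    """Return 'file', 'folder', 'extension' or 'wildcard' for one entry."""
    entry = entry.strip()
    if entry.endswith("\\"):
        return "folder"
    name = ntpath.basename(entry)
    if name.startswith("."):
        return "extension"            # bare extension such as ".dit"
    stem, ext = ntpath.splitext(name)
    if ext and set(stem) <= WILDCARDS:
        return "extension"            # "*.dit", "?.dit", "**\*.dit"
    if WILDCARDS & set(entry):
        return "wildcard"
    return "file"


def audit(entries):
    """Return (entry, kind, advice) for every entry that is not a named file."""
    findings = []
    for entry in entries:
        kind = classify(entry)
        if kind != "file":
            findings.append((entry, kind, ADVICE[kind]))
    return findings


if __name__ == "__main__":
    for entry, kind, advice in audit(SAMPLE_EXCLUSIONS):
        print(f"{kind:9} {entry}  -> {advice}")
```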
To configure these exclusions using ePolicy Orchestrator, access the VirusScan Enterprise 8.8.0,
On-Access Default Processes Policy, and click the Exclusions tab. Add exclusions for the
files listed in the following section, Active Directory and Active Directory-Related Files.
The following ePolicy Orchestrator 4.5 display shows exclusions configured for Main NTDS
database files:
Configuring Performance Improvements
McAfee VirusScan Enterprise 8.8