McAfee exclusion configuration question

We are planning to upgrade, but we've got >100 installations and we need a
workaround that will work with our current version.

We're also trying to get the ePolicy orchestrator running so that we don't
have to change settings through registry hacks, but that's another story.

Thank you for the advice.

Colin

"Mal" <Mal_Murray RemoveThis @Hotmail.com> wrote in message
news:3FA0E3B9.B2D7CAB6@Optusnet.com.au...
> Colin Odden wrote:
> >
> > We're using McAfee VirusScan 4.5.1 SP1 on Windows 2000 desktops and use
> > Eudora as our mail client. There's a nasty interaction between the two
> > programs that's well-documented, the workaround being the exclusion of
> > Eudora's spool directory. Unfortunately, on our machines Eudora's spool
> > directory is in the user's profile (c:\documents and
settings\%user%\...).
> > When we add an exclusion via the System Scan settings panel, it comes
out
> > specific to the user that's logged in at the time. I've tried making
> > registry edits to replace the username with Win2k's environment variable
for
> > the current user, but McAfee doesn't honor it; it just shows up as
%user%.
>
>
> You could investigate upgrading to VirusScan 7.1 (corporate) - I believe
> it has the modifications for what you need.
 >> Stay informed about: McAfee exclusion configuration question 

"Colin Odden" <cdo-nntp RemoveThis @sociology.ohio-state.edu> wrote in
news:bnram6$neo$1@charm.magnus.acs.ohio-state.edu:

> We are planning to upgrade, but we've got >100 installations and we need
> a workaround that will work with our current version.

Turn off mail scan. The on access scan will catch anything if you try to
run it.

> We're also trying to get the ePolicy orchestrator running so that we
> don't have to change settings through registry hacks, but that's another
> story.
>
> Thank you for the advice.
>
> Colin
>
> "Mal" <Mal_Murray RemoveThis @Hotmail.com> wrote in message
> news:3FA0E3B9.B2D7CAB6@Optusnet.com.au...
>> Colin Odden wrote:
>> >
>> > We're using McAfee VirusScan 4.5.1 SP1 on Windows 2000 desktops and
>> > use Eudora as our mail client. There's a nasty interaction between
>> > the two programs that's well-documented, the workaround being the
>> > exclusion of Eudora's spool directory. Unfortunately, on our machines
>> > Eudora's spool directory is in the user's profile (c:\documents and
> settings\%user%\...).
>> > When we add an exclusion via the System Scan settings panel, it comes
> out
>> > specific to the user that's logged in at the time. I've tried making
>> > registry edits to replace the username with Win2k's environment
>> > variable
> for
>> > the current user, but McAfee doesn't honor it; it just shows up as
> %user%.
>>
>>
>> You could investigate upgrading to VirusScan 7.1 (corporate) - I
>> believe it has the modifications for what you need.
>
>
>
 >> Stay informed about: McAfee exclusion configuration question 

This is a common misconception, which is why I'm posting a reply to the
list.

I'm NOT talking about version 7, to which the advice from FuzzyLogic might
apply. Version 4.5 has several components, some of which trip over each
other. Email scan falls within the scope of Download Scan, which is distinct
from System Scan. There is no On Access scan in version 4.x.

I'm posting a follow-up question about this, since I've still got weird
behavior in VirusScan after making what I thought are the proper
configuration changes.

(thanks) -Colin

"Fuzzy Logic" <bob.DeleteThis@arc.ab.caREMOVETHIS> wrote in message
news:Xns94248B301E72Cbobarcabca@198.161.157.145...
> "Colin Odden" <cdo-nntp.DeleteThis@sociology.ohio-state.edu> wrote in
> news:bnram6$neo$1@charm.magnus.acs.ohio-state.edu:
>
> > We are planning to upgrade, but we've got >100 installations and we need
> > a workaround that will work with our current version.
>
> Turn off mail scan. The on access scan will catch anything if you try to
> run it.
>
> > We're also trying to get the ePolicy orchestrator running so that we
> > don't have to change settings through registry hacks, but that's another
> > story.
> >
> > Thank you for the advice.
> >
> > Colin
> >
> > "Mal" <Mal_Murray.DeleteThis@Hotmail.com> wrote in message
> > news:3FA0E3B9.B2D7CAB6@Optusnet.com.au...
> >> Colin Odden wrote:
> >> >
> >> > We're using McAfee VirusScan 4.5.1 SP1 on Windows 2000 desktops and
> >> > use Eudora as our mail client. There's a nasty interaction between
> >> > the two programs that's well-documented, the workaround being the
> >> > exclusion of Eudora's spool directory. Unfortunately, on our machines
> >> > Eudora's spool directory is in the user's profile (c:\documents and
> > settings\%user%\...).
> >> > When we add an exclusion via the System Scan settings panel, it comes
> > out
> >> > specific to the user that's logged in at the time. I've tried making
> >> > registry edits to replace the username with Win2k's environment
> >> > variable
> > for
> >> > the current user, but McAfee doesn't honor it; it just shows up as
> > %user%.
> >>
> >>
> >> You could investigate upgrading to VirusScan 7.1 (corporate) - I
> >> believe it has the modifications for what you need.
> >
> >
> >
>
 >> Stay informed about: McAfee exclusion configuration question 

"Colin Odden" <cdo-nntp RemoveThis @sociology.ohio-state.edu> wrote in
news:bnuhu9$853$1@charm.magnus.acs.ohio-state.edu:

> This is a common misconception, which is why I'm posting a reply to the
> list.
>
> I'm NOT talking about version 7, to which the advice from FuzzyLogic
> might apply. Version 4.5 has several components, some of which trip over
> each other. Email scan falls within the scope of Download Scan, which is
> distinct from System Scan. There is no On Access scan in version 4.x.

System Scan is the on access scan. Disable Download/Email Scan as that is
what is causing the problem. We have 4.5.1 here and only install System
Scan and Internet Scan but don't use the download/email scan.

> I'm posting a follow-up question about this, since I've still got weird
> behavior in VirusScan after making what I thought are the proper
> configuration changes.
>
> (thanks) -Colin
>
> "Fuzzy Logic" <bob RemoveThis @arc.ab.caREMOVETHIS> wrote in message
> news:Xns94248B301E72Cbobarcabca@198.161.157.145...
>> "Colin Odden" <cdo-nntp RemoveThis @sociology.ohio-state.edu> wrote in
>> news:bnram6$neo$1@charm.magnus.acs.ohio-state.edu:
>>
>> > We are planning to upgrade, but we've got >100 installations and we
>> > need a workaround that will work with our current version.
>>
>> Turn off mail scan. The on access scan will catch anything if you try
>> to run it.
>>
>> > We're also trying to get the ePolicy orchestrator running so that we
>> > don't have to change settings through registry hacks, but that's
>> > another story.
>> >
>> > Thank you for the advice.
>> >
>> > Colin
>> >
>> > "Mal" <Mal_Murray RemoveThis @Hotmail.com> wrote in message
>> > news:3FA0E3B9.B2D7CAB6@Optusnet.com.au...
>> >> Colin Odden wrote:
>> >> >
>> >> > We're using McAfee VirusScan 4.5.1 SP1 on Windows 2000 desktops
>> >> > and use Eudora as our mail client. There's a nasty interaction
>> >> > between the two programs that's well-documented, the workaround
>> >> > being the exclusion of Eudora's spool directory. Unfortunately, on
>> >> > our machines Eudora's spool directory is in the user's profile
>> >> > (c:\documents and
>> > settings\%user%\...).
>> >> > When we add an exclusion via the System Scan settings panel, it
>> >> > comes
>> > out
>> >> > specific to the user that's logged in at the time. I've tried
>> >> > making registry edits to replace the username with Win2k's
>> >> > environment variable
>> > for
>> >> > the current user, but McAfee doesn't honor it; it just shows up as
>> > %user%.
>> >>
>> >>
>> >> You could investigate upgrading to VirusScan 7.1 (corporate) - I
>> >> believe it has the modifications for what you need.
>> >
>> >
>> >
>>
>
>
 >> Stay informed about: McAfee exclusion configuration question 

Colin:

Don't be fearful. I push McAfee SuperDAT via a KixTart Login script. I stop the service,
run the SuperDAT, remove NAI Registry keys then merge a REG file (for configuration
management purposes), write a version counter file, then start the service. This is done
when there is a new DAT release.

Between DAT updates, if I have a downloaded EXTRA.DAT file, the process is -- stop the
service, copy the EXTRA.DAT, then start the service. this is done for EVERY logon if an
EXTRA.DAT is present and there is no NEW DAT release (determined by version counter).

If you email me (just remove ~nospam~) I'll send you a copy of the NTScript.KIX file.

Dave



"Colin Odden" <cdo-nntp.TakeThisOut@sociology.ohio-state.edu> wrote in message
news:bnuhkv$82o$1@charm.magnus.acs.ohio-state.edu...
| Dave,
|
| This is a cool idea, but really dangerous. I could ultimately script the
| same thing on my own:
|
| On logon, get the username.
| Write the exclusion key to a file
| Stop avsynmgr
| run regedit and silently merge the key into the registry
| Start avsynmgr
|
| Unfortunately, I'm scared about stopping & starting the service on every
| logon. Also, stopping / starting services requires administrative
| privileges, something our users don't have. I don't want to hardcode
| administrative usernames / passwords into a script, so this method doesn't
| work.
|
| VirusScan and Eudora are site-licensed such that we get it for free (well,
| not free if you consider support costs, but it's still a bargain and we're
| happy), so using a different email client isn't an option. In fact, even if
| software cost >$0, getting a couple hundred users to change their email
| client because of this glitch simply isn't worthwhile.
|
| Thanks for the tip. -Colin
 >> Stay informed about: McAfee exclusion configuration question 

Colin:

There is an On Access scan in almost all versions of McAfee client and server products
(Enterprise v7.x, Netshield 4.5.0, VirusScan v4.5.1 corp., and retail versions).

In v4.5.1 corp. edition, the sub-component is called 'VShield' but it still is an On Access
scanner.

Dave


"Colin Odden" <cdo-nntp.RemoveThis@sociology.ohio-state.edu> wrote in message
news:bnuhu9$853$1@charm.magnus.acs.ohio-state.edu...
| This is a common misconception, which is why I'm posting a reply to the
| list.
|
| I'm NOT talking about version 7, to which the advice from FuzzyLogic might
| apply. Version 4.5 has several components, some of which trip over each
| other. Email scan falls within the scope of Download Scan, which is distinct
| from System Scan. There is no On Access scan in version 4.x.
|
| I'm posting a follow-up question about this, since I've still got weird
| behavior in VirusScan after making what I thought are the proper
| configuration changes.
|
| (thanks) -Colin
 >> Stay informed about: McAfee exclusion configuration question 

We use ALL the components in v4.5.1 SP1. Since we have Outlook 2000 and exchange servers,
we definitely use the email scanner and its MAPI interface. And this also includes the URL
and IP blocks. Something dropped in v7.x Enterprise. One reason I don't want to use
Enterprise v7.0. Another reason is that it no longer interprets VSC files, yet, the v7.x
Retail version does. The way I see it, the corp. administrator has a GREATER need to
distribute and use VSC files than a home, retail version, user. The only reason I can think
they do this is they ASSUME the corp. admin. would use ePO v3.0. However, I do everything
via the Domain Login Script and see no need for ePO. Most people don't even realize that
ePO had a few versions that were vulnerable to the Slammer worm due to the use of MSDE.

One way I use VSC files is for a mandated daily scan. We use a VSC file that we distribute
that is used at 1145 to scan the end-user's PC is scheduled and launched by the MS Tasker
(%windir%\tasks).

The reason we like the IP address and URL blocks is....say a user goes to Napster.Com. The
LAN admin. team gets a NetBIOS Pop-Up, the event gets logged and we have blocked the
end-user from generating a "bad user did something wrong" report from the WAN team. This
would make our office look bad in their reports to the "big bosses" in our "company".

Dave



"Fuzzy Logic" <bob DeleteThis @arc.ab.caREMOVETHIS> wrote in message
news:Xns94259E5C2C85bobarcabca@198.161.157.145...
| "Colin Odden" <cdo-nntp DeleteThis @sociology.ohio-state.edu> wrote in
| news:bnuhu9$853$1@charm.magnus.acs.ohio-state.edu:
|
| > This is a common misconception, which is why I'm posting a reply to the
| > list.
| >
| > I'm NOT talking about version 7, to which the advice from FuzzyLogic
| > might apply. Version 4.5 has several components, some of which trip over
| > each other. Email scan falls within the scope of Download Scan, which is
| > distinct from System Scan. There is no On Access scan in version 4.x.
|
| System Scan is the on access scan. Disable Download/Email Scan as that is
| what is causing the problem. We have 4.5.1 here and only install System
| Scan and Internet Scan but don't use the download/email scan.
|
| > I'm posting a follow-up question about this, since I've still got weird
| > behavior in VirusScan after making what I thought are the proper
| > configuration changes.
| >
| > (thanks) -Colin
| >
| > "Fuzzy Logic" <bob DeleteThis @arc.ab.caREMOVETHIS> wrote in message
| > news:Xns94248B301E72Cbobarcabca@198.161.157.145...
| >> "Colin Odden" <cdo-nntp DeleteThis @sociology.ohio-state.edu> wrote in
| >> news:bnram6$neo$1@charm.magnus.acs.ohio-state.edu:
| >>
| >> > We are planning to upgrade, but we've got >100 installations and we
| >> > need a workaround that will work with our current version.
| >>
| >> Turn off mail scan. The on access scan will catch anything if you try
| >> to run it.
| >>
| >> > We're also trying to get the ePolicy orchestrator running so that we
| >> > don't have to change settings through registry hacks, but that's
| >> > another story.
| >> >
| >> > Thank you for the advice.
| >> >
| >> > Colin
| >> >
| >> > "Mal" <Mal_Murray DeleteThis @Hotmail.com> wrote in message
| >> > news:3FA0E3B9.B2D7CAB6@Optusnet.com.au...
| >> >> Colin Odden wrote:
| >> >> >
| >> >> > We're using McAfee VirusScan 4.5.1 SP1 on Windows 2000 desktops
| >> >> > and use Eudora as our mail client. There's a nasty interaction
| >> >> > between the two programs that's well-documented, the workaround
| >> >> > being the exclusion of Eudora's spool directory. Unfortunately, on
| >> >> > our machines Eudora's spool directory is in the user's profile
| >> >> > (c:\documents and
| >> > settings\%user%\...).
| >> >> > When we add an exclusion via the System Scan settings panel, it
| >> >> > comes
| >> > out
| >> >> > specific to the user that's logged in at the time. I've tried
| >> >> > making registry edits to replace the username with Win2k's
| >> >> > environment variable
| >> > for
| >> >> > the current user, but McAfee doesn't honor it; it just shows up as
| >> > %user%.
| >> >>
| >> >>
| >> >> You could investigate upgrading to VirusScan 7.1 (corporate) - I
| >> >> believe it has the modifications for what you need.
| >> >
| >> >
| >> >
| >>
| >
| >
|
 >> Stay informed about: McAfee exclusion configuration question