Endpoint Protection Exclusions

Hi,

Can someone help to sort out a little 'friendly' discussion we have been having here on SCEP policies?

Q1. Do the excluded file and folder settings in a SCEP policy only work during scheduled scans, or scheduled and on demand scans?

Q2. Are the exclusions also taken account of for real-time protection? So if I copy the EICAR test file to an excluded folder, should the SCEP client pop up and tell me it's dealing with it, or ignore it because it's an excluded location? We seem to be getting mixed results...

Thanks.

July 21st, 2015 6:42am

Do the excluded file and folder settings in a SCEP policy only work during scheduled scans, or scheduled and on demand scans? - I think once you exclude files and folders in SCEP policy, it ignores the scan all the time.

Are the exclusions also taken account of for real-time protection? So if I copy the EICAR test file to an excluded folder, should the SCEP client pop up and tell me it's dealing with it, or ignore it because it's an excluded location? - If my answer to the first question is true then EICAR test file should be ignored (provided you place it in the excluded folder).

Since this is a discussion based question, let's see what other experts say.

July 21st, 2015 7:33am

Some good info - https://kc.mcafee.com/corporate/index?page=content&id=KB59742

"If the exclusions are configured properly, EICAR.COM runs without being detected."

July 21st, 2015 7:40am

Thanks Prajwal.

Good to know what the official answer is as I'm seeing some different behaviour. The EICAR file seems to be ignored in some excluded locations, but not others. It's as if some exclusions work for real-time protection and others don't.

Anything with %localappdata% as part of the path definitely does NOT work. I can also do a custom scan on these locations and it still goes ahead and scans them, whereas full path exclusions are ignored during a custom scan.

July 21st, 2015 8:22am

%localappdata% is a per user environment variable and thus is meaningless for something running as the local system account.
July 21st, 2015 9:29am
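
The point made in the reply above, shown as an added example that is not part of the original thread: it expands each exclusion once with a LocalSystem environment and once with an interactive user's, assuming (as the reply says) that the exclusion is evaluated by a service running as the local system account. The exclusion entries, the user name `alice`, the `Contoso` folders and both environment tables are constructed sample data.

```powershell
# Added example. Exclusion entries and both environment tables are constructed
# sample data; "alice" and "Contoso" are placeholders.
$PerUserVars = 'LOCALAPPDATA','APPDATA','USERPROFILE','TEMP','TMP','HOMEPATH','USERNAME'

# Typical values seen by a service running as LocalSystem.
$SystemEnv = @{
    LOCALAPPDATA = 'C:\Windows\system32\config\systemprofile\AppData\Local'
    APPDATA      = 'C:\Windows\system32\config\systemprofile\AppData\Roaming'
    USERPROFILE  = 'C:\Windows\system32\config\systemprofile'
    TEMP         = 'C:\Windows\TEMP'
    ProgramFiles = 'C:\Program Files'
}
# Values seen by the interactive user who copied the test file.
$UserEnv = @{
    LOCALAPPDATA = 'C:\Users\alice\AppData\Local'
    APPDATA      = 'C:\Users\alice\AppData\Roaming'
    USERPROFILE  = 'C:\Users\alice'
    TEMP         = 'C:\Users\alice\AppData\Local\Temp'
    ProgramFiles = 'C:\Program Files'
}

# Expand %VAR% tokens from a lookup table; unknown tokens stay as written.
function Expand-WithTable {
    param([string]$Path, [hashtable]$Table)
    foreach ($m in [regex]::Matches($Path, '%([^%\\]+)%')) {
        $name = $m.Groups[1].Value
        if ($Table.ContainsKey($name)) { $Path = $Path.Replace($m.Value, $Table[$name]) }
    }
    $Path
}

# Report, per exclusion, which per-user variables it uses and whether the path
# resolved as LocalSystem is the path the user actually writes to.
function Test-ExclusionPath {
    param([string[]]$Exclusion)
    foreach ($e in $Exclusion) {
        $names = @([regex]::Matches($e, '%([^%\\]+)%') | ForEach-Object { $_.Groups[1].Value })
        $asSystem = Expand-WithTable $e $SystemEnv
        $asUser   = Expand-WithTable $e $UserEnv
        [pscustomobject]@{
            Exclusion      = $e
            PerUserVars    = @($names | Where-Object { $PerUserVars -contains $_ }) -join ','
            AsLocalSystem  = $asSystem
            AsUser         = $asUser
            CoversUserPath = ($asSystem -eq $asUser)
        }
    }
}

Test-ExclusionPath '%localappdata%\Contoso\Cache', 'C:\Data\Build', '%ProgramFiles%\Contoso' |
    Format-List
```

An entry reported with `CoversUserPath` set to `False` points at a folder under the system profile rather than the user's own folder.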

Yes, I know this is an old post, but I'm trying to clean them up. Did you solve this problem? If so, what was the solution?

August 29th, 2015 4:15pm

Since no one has answered this post, I recommend opening a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.

September 5th, 2015 12:21pm

This topic is archived. No further replies will be accepted.
