Anti-Virus Scanning Engine 5.x.00 whitelisting for known clean Windows OS files
Last Modified: 2017-04-09 20:48:16 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Anti-Virus Scanning Engine 5.x.00 whitelisting for known clean Windows OS files
Technical Articles ID:
KB67067
Last Modified: 2017-04-09 20:48:16 Etc/GMT EnvironmentMcAfee Anti-Virus Scanning Engine 5.x.00
McAfee Multiple products SummaryThe McAfee Engine uses whitelisting technology for certain known Microsoft Windows operating system clean files. This provides a significant performance benefit for On-Access Scanning and On-Demand Scanning when these files are accessed. McAfee updates the whitelist in line with new releases of Microsoft operating system files. FAQs
Which products benefit from the whitelisting technology? All McAfee desktop products running the McAfee Engine on Microsoft Windows operating systems benefit from this technology. How often can the whitelist be updated? The whitelist can potentially be updated for every DAT release. Updates may follow the Microsoft pattern for patch deployment. What precautions are in place to prevent the whitelisted files becoming an attack target? The whitelist is delivered as part of the AVV DAT file. This means that McAfee can be flexible in the methods used to uniquely identify the whitelist files. What precautions have been taken to prevent reverse engineering of the whitelist feature? The whitelist is delivered as part of the AVV DAT file. This means it benefits from the secure file format that is already in place for DAT delivery. Will the whitelist have any impact on a clean file that is not included? No. Is the whitelist enabled for gateway products? No, the whitelist is disabled for all gateway products. Can users disable the whitelist within a product? The whitelist cannot be controlled by users. Will McAfee publish the whitelist entries? McAfee does not publish the whitelist entries because this content is confidential to McAfee Labs. Can users add an entry to the whitelist? No. The whitelist is solely maintained by McAfee Labs. You can add exclusions to On-Access Scans and On-Demand Scans, but this does not apply to whitelists. Refer to the documentation for your point product for information on setting exclusions. For product documents, go to the Product Documentation portal.
Related InformationFor more information about the Engine release schedule, see KB66741.
Affected ProductsLanguages:This article is available in the following languages: |
|