Novell Home

Adding items to the Exclusion list for McAfee

Novell Cool Solutions: Trench
By Scott Garrett

Digg This - Slashdot This

Posted: 4 Jun 2003
 

I've written a VBS script that will exclude the spooler service files and spool directory on any NT/2000/XP machine running McAfee 4.5.x. It's very simple to add additional items to the script. It's very handy if you forget an item to exclude during the time of deploying McAfee.

Download the VBS script, and follow along with this example to see how to add items to it. (Complete instructions are in the zip file along with the script.)

Adding an Item to the Script

Here is an example of how to add an item.

1. Add a variable to the end of the Dim statement. Whatever variable you type in will also 'be used in the other code that you add later on in the script.

Dim numexclude, spooldir, spooldll, spoolexe, excludeitem, sys32dir, sys32dirlen, fso, stopsrv, newitem

Set fso = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")

2. Initialize the variable with a value of zero.

newitem stopsrv = 0
spooldir = 0
spooldll = 0
spoolexe = 0
sys32dir = fso.GetSpecialFolder(1)
sys32dirlen = Len(sys32dir)

3. Add an IF THEN statement to check if the file or directory is already excluded. This is the tricky part.

If the file or folder is located in the system32 directory use this sample code. You'll need to replace FileOrFolder with the name of the file or directory you are excluding, and it must be in uppercase.

Examples:

  • If it's a file such as SERVICES.EXE then you'll need to type in |SERVICES.EXE
  • If it's a directory such as DRIVERS then you'll need to type in \DRIVERS
  • You'll also need to replace NumOfChars with the actual number of characters you typed 'to replace FileOrFolder.
If (UCase(Left((WshShell.Regread(excludeitem)), 
(sys32dirlen + NumOfChars)))) 
= (UCase(sys32dir & "FileOrFolder")) Then
     newitem = 1
   End If

If the file or folder is located in another directory use this sample code. You'll need to replace FileOrFolder with the name of the file or directory you are excluding, and it must be in uppercase. You'll also need to replace NumOfChars with the actual number 'of characters you typed to replace FileOrFolder.

Examples:

  • For the file C:\PROGRAM FILES\TEST.TXT you will need to type in C:\PROGRAM FILES|TEST.TXT
  • For the directory C:\PROGRAM FILES you will need to type in C:\PROGRAM FILES
If (UCase(Left((WshShell.Regread(excludeitem)), NumOfChars))) 
= (UCase("FileOrFolder")) Then
     newitem = 1
   End If

4. Now we need to actually exclude the item. For an item in the system32 directory use this code and replace FileOrFolder with what you typed in the previous step.

If newitem = 0 Then
   WshShell.RegWrite ("HKLM\Software\Network Associates\TVD\
   Shared Components\On Access Scanner\Vshield\System Scan\
   ExcludedItems\ExcludedItem_" & numexclude), 
   (sys32dir & "FileOrFolder |1|1"), "REG_SZ"
   WshShell.Regwrite ("HKLM\Software\Network Associates\TVD\
   Shared Components\On Access Scanner\Mcshield\
   Configuration\ExcludedItem_" & numexclude), 
   (sys32dir & "FileOrFolder||25|1"), "REG_SZ"
   numexclude = numexclude + 1
End If

For an item not in the system32 directory use this code and replace FileOrFolder with what you typed in the previous step.

If newitem = 0 Then
   WshShell.RegWrite ("HKLM\Software\Network Associates\TVD\
   Shared Components\On Access Scanner\Vshield\System Scan\
   ExcludedItems\ExcludedItem_" & numexclude), 
   ("FileOrFolder |1|1"), "REG_SZ"
   WshShell.Regwrite ("HKLM\Software\Network Associates\TVD\
   Shared Components\On Access Scanner\Mcshield\Configuration\
   ExcludedItem_" & numexclude), 
   ("FileOrFolder||25|1"), "REG_SZ"
   numexclude = numexclude + 1
End If

If you have any questions you may contact Scott at Scott.Garrett@infarmbureau.com


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell