Is anybody using the latest McAfee AV product ? I am lookign to pull the list of scanning exclusions, but can only find them in the registry as a multi-string value -
Hers the output from Fixlet Debugger -
q: (value “exclusions” of key “HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVSolution\OAS\EXCLUSION_EXCLUDE_OAS_PROCESS_GROUP_DEFAULT” of native registry)
A: 3|7|\Device\HarddiskVolume3\Windows\CCMCache>C:\Windows\CCMCache%004|3|ost%003|3|\Device\HarddiskVolume3\Program Files (x86)\CompanyName\launchgenie.exe>C:\Program Files (x86)\CompanyName\launchgenie.exe%003|7|\Device\HarddiskVolume3\Users*\AppData\LocalLow\Bromium>C:\Users*\AppData\LocalLow\Bromium%003|7|\Device\HarddiskVolume3\Users*\AppData\Local\Bromium>C:\Users*\AppData\Local\Bromium%003|7|\Device\HarddiskVolume3\Program Files\Bromium>C:\Program Files\Bromium%003|7|\Device\HarddiskVolume3\ProgramData\Bromium>C:\ProgramData\Bromium%003|7|\Device\HarddiskVolume3\Users*\AppData\Roaming\CompanyName>C:\Users*\AppData\Roaming\CompanyName%003|3|\Device\HarddiskVolume3\Program Files\McAfee\DLP\Agent\fcags.exe>C:\Program Files\McAfee\DLP\Agent\fcags.exe%003|3|\Device\HarddiskVolume3\Program Files\McAfee\DLP\Agent\fcag.exe>C:\Program Files\McAfee\DLP\Agent\fcag.exe%003|3|\Device\HarddiskVolume3\Program Files\McAfee\DLP\Agent\fcagswd.exe>C:\Program Files\McAfee\DLP\Agent\fcagswd.exe%003|3|\Device\HarddiskVolume3\Program Files\McAfee\DLP\Agent\fcagte.exe>C:\Program Files\McAfee\DLP\Agent\fcagte.exe%003|3|\Device\HarddiskVolume3\Program Files\McAfee\DLP\Agent\fcagt.exe>C:\Program Files\McAfee\DLP\Agent\fcagt.exe%003|7|\Device\HarddiskVolume3\Documents and Settings\All Users\Application Data\McAfee\DLP>C:\Documents and Settings\All Users\Application Data\McAfee\DLP%003|7|\Device\HarddiskVolume3\ProgramData\McAfee\DLP>C:\ProgramData\McAfee\DLP%003|3|\Device\HarddiskVolume3\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeEERM.exe>C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeEERM.exe%003|3|\Device\HarddiskVolume3\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe>C:\Program Files\McAfee\Endpoint Encryption for Files and Folders\MfeFfCore.exe%003|7|\Device\HarddiskVolume3\Program Files\Symantec\Backup Exec>C:\Program Files\Symantec\Backup Exec%003|7|\Device\HarddiskVolume3\Program Files\McAfee\Endpoint Encryption Agent>C:\Program Files\McAfee\Endpoint Encryption Agent%003|7|\Device\HarddiskVolume3\windows\SshCache>C:\windows\SshCache%003|7|\Device\HarddiskVolume3\ProgramData\Confer>C:\ProgramData\Confer%003|7|\Device\HarddiskVolume3\Program Files\Confer>C:\Program Files\Confer%003|7|\Device\HarddiskVolume3\Program Files (x86)\Products\Timing Service>C:\Program Files (x86)\Products\Timing Service%003|7|\Device\HarddiskVolume3\Program Files (x86)\FireEye\Timing Service>C:\Program Files (x86)\FireEye\Timing Service%003|3|\Device\HarddiskVolume3\ProgramData\Timing Service>C:\ProgramData\Timing Service%003|7|\Device\HarddiskVolume3\ProgramData\Timing Service>C:\ProgramData\Timing Service%003|7|\Device\HarddiskVolume3\Program Files\Manufacturer\Endpoint Agent>C:\Program Files\Manufacturer\Endpoint Agent%003|7|\Device\HarddiskVolume3\Program Files\Symantec\Endpoint Agent>C:\Program Files\Symantec\Endpoint Agent%003|7|\Device\HarddiskVolume3\Program Files (x86)\BigFix Enterprise>C:\Program Files (x86)\BigFix Enterprise%003|7|A:\VMS>A:\VMS%003|7|B:\VMS>B:\VMS%003|7|\Device\HarddiskVolume3\VMS>C:\VMS%00
T: 0.415 ms
I: singular registry key value
Using relevance I want the preceding text of the last “” of following text after the first “” of line that contains “HarddiskVolume” …
Does that make sense ?
is there an easier way to extract this info ?