In ePO, Policy Discovery shows MMC.exe trying to modify files (DLLs or MSIs)

I tried looking through the "Best Practice" guide for some insight on how to handle things like MMC.exe, notepad++.exe, powershell_ISE.exe. In my environment, I see these pop up once in a while. In some cases, the user is actively trying to modify scripts or other files through the programming interface within notepad++.exe or powershell_ISE.exe. In other cases, it is the mmc.exe trying to load a plug-in of some sort and it is flagging in Policy Discovery as trying to modify a DLL, which I suppose it is trying to load some random plug-in that the endpoint user wants to use.

My question rests in what is the recommended action on such discoveries. I feel that making notepad++.exe and powershell_ISE.exe an updater to allow these types of file modifications might create an invulnerability if a malicious script or file were to run through those programs. Am I being "too cautious" in that sense? Is it considered "best practice" to allow such programs, like MMC and notepad++/powershell_ISE as updaters to avoid work interruption for the end-users?

Thanks for your time. I appreciate any feedback on this.

1 Reply

Re: In ePO, Policy Discovery shows MMC.exe trying to modify files (DLLs or MSIs)

Should be "might create a vulnerability if.....". Sorry for the typo.
