
In ePO, Policy Discovery shows MMC.exe trying to modify files (DLLs or MSIs)

I tried looking through the "Best Practice" guide for some insight on how to handle things like MMC.exe, notepad++.exe, powershell_ISE.exe. In my environment, I see these pop up once in a while. In some cases, the user is actively trying to modify scripts or other files through the programming interface within notepad++.exe or powershell_ISE.exe. In other cases, it is the mmc.exe trying to load a plug-in of some sort and it is flagging in Policy Discovery as trying to modify a DLL, which I suppose it is trying to load some random plug-in that the endpoint user wants to use.

My question rests in what is the recommended action on such discoveries. I feel that making notepad++.exe and powershell_ISE.exe an updater to allow these types of file modifications might create an invulnerability if a malicious script or file were to run through those programs. Am I being "too cautious" in that sense? Is it considered "best practice" to allow such programs, like MMC and notepad++/powershell_ISE as updaters to avoid work interruption for the end-users?

Thanks for your time. I appreciate any feedback on this.

1 Reply

Re: In ePO, Policy Discovery shows MMC.exe trying to modify files (DLLs or MSIs)

Should be "might create a vulnerability if.....". Sorry for the typo.
