cancel
Showing results for 
Search instead for 
Did you mean: 

Access denied on writing to owned file

Hi Guys,

I am trying to integrate our new software at a client's location that uses McAfee on a domain.
Our software creates its own Database files and starts a LocalDB instance. (Creating the instance files at runtime and using them to start sqlservr.exe).
I get an access denied error when the process tries to start a second time. The security descriptors on the files seem ok but I also have some audit logs that are actively changing security descriptors on HANDLES.
Could this be an effect of the McAfee suite? Would any of the endpoint security processes be changing the security descriptors of running handles to only allow users from the domain to use specific files?

 

Any help is appreciated.

 

Cheers,

Max

1 Reply
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Access denied on writing to owned file

@techguy1991 

If you are looking to determine ENS module involvement in your issue, the best method for isolating which component (if any) is the perpetrator would be progressive disablement. Does the issue still occur if you temporarily disable Access Protection? What about On-Access Scanner? If so for either, then you would want to do the following, respectively: check the AP log at %deflogdir% to determine the triggered rule for which you could implement a process exclusion, or implement the ZZZ test to determine if a strategic OAS exclusion of your software's processes may resolve the issue.

ENS will not change the descriptors of running handles, but depending on product rules in place/configuration, it can prevent actions attempted by processes on the system.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply so together we can help other members?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center