cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor SWISS
Reliable Contributor
Report Inappropriate Content
Message 1 of 6

BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

The HTML mask does not accept Forwardslash / but ATP/DAC detecects it like that!

 

* EPO 5.9.1 LATEST FIXES

* Agent 5.6.2.209

* ENS 10.7 Plattform, Exploit, ATP Module

 

Endpoint Security Threat Prevention : Richtlinienkategorie > Optionen > CLI_10_OPTIONS
 2019-11-25 17_53_07-Window.png
 
2019-11-25 18_00_00-Window.png

 

 2019-11-25 18_00_39-Window.png

 

1 Solution

Accepted Solutions
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Hi @SWISS 

Thank you for bringing this to our attention. Indeed, I can reproduce this in my test environment very easily and can confirm it did work in 10.6 and below so definitely seems like an issue.

I would however agree with my colleague @mbuehler - this is not the best way to deal with this Threat Event.

Do you (or @bretzeli ) have an SR already raised for this? If yes, I will push this to our Engineering Team.

Thank you

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

5 Replies
McAfee Employee mbuehler
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Hi @SWISS 

A better way for you to exclude these ATP detections would be to either whitelist the file in TIE, or add the file name/path as an exclusion in your OAS Standard Process group exclusions which will exclude it from ATP.

Thank you,

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Reliable Contributor bretzeli
Reliable Contributor
Report Inappropriate Content
Message 3 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Hello,

We reported this BUG to our partner and it's clearly a BUG with the form validation of ENS 10.7 with EPO.

Thank you for the tip with the other way but the option above should work.

customer

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Hi @SWISS 

Thank you for bringing this to our attention. Indeed, I can reproduce this in my test environment very easily and can confirm it did work in 10.6 and below so definitely seems like an issue.

I would however agree with my colleague @mbuehler - this is not the best way to deal with this Threat Event.

Do you (or @bretzeli ) have an SR already raised for this? If yes, I will push this to our Engineering Team.

Thank you

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Reliable Contributor SWISS
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Customer 

Service-Anfragen 4-20490955171
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

Jump to solution

Thank you @SWISS 

I will escalate this to Engineering now.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community