Reliable Contributor
Message 1 of 11

BUG: EPO 5.9.1, 10.7, ATP, unable to ADD or MODIFY existing detection

The HTML mask does not accept a forward slash / but ATP/DAC detects it like that!

 

* EPO 5.9.1 LATEST FIXES

* Agent 5.6.2.209

* ENS 10.7 Platform, Exploit, ATP Module

 

Endpoint Security Threat Prevention : Policy Category > Options > CLI_10_OPTIONS
[Screenshots: 2019-11-25 17_53_07-Window.png, 2019-11-25 18_00_00-Window.png, 2019-11-25 18_00_39-Window.png]

 

Accepted Solutions

McAfee Employee
Message 10 of 11

This issue has now been resolved in the April 2020 Update:

https://docs.mcafee.com/bundle/endpoint-security-v10-7-x-april-2020-update-release-notes/resource/pr...

ref: ENSW-94601

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

10 Replies

McAfee Employee
Message 2 of 11

Hi @SWISS 

A better way for you to exclude these ATP detections would be to either whitelist the file in TIE, or add the file name/path as an exclusion in your OAS Standard Process group exclusions which will exclude it from ATP.

Thank you,
Mitchell Buehler

Reliable Contributor
Message 3 of 11

Hello,

We reported this BUG to our partner and it's clearly a BUG with the form validation of ENS 10.7 with EPO.

Thank you for the tip with the other way but the option above should work.

customer

McAfee Employee
Message 4 of 11

Hi @SWISS 

Thank you for bringing this to our attention. Indeed, I can reproduce this in my test environment very easily and can confirm it did work in 10.6 and below so definitely seems like an issue.

I would however agree with my colleague @mbuehler - this is not the best way to deal with this Threat Event.

Do you (or @bretzeli ) have an SR already raised for this? If yes, I will push this to our Engineering Team.

Thank you

Reliable Contributor
Message 5 of 11

This is NOT the solution and we still have this open. Some day this will get extremely urgent, and no, we don't want to exclude the other way with TIE in place.

Reliable Contributor
Message 6 of 11

Customer 

Service Requests 4-20490955171

McAfee Employee
Message 7 of 11

Thank you @SWISS 

I will escalate this to Engineering now.

McAfee Employee
Message 8 of 11

Hi, just providing an update on the community so others can see: A fix has been identified, sadly the fix didn't make the Feb Update however it will be included in the next release.

Reliable Contributor
Message 9 of 11

NO, the FEBRUARY Update did not solve THIS and it still exists in EPO 5.9.X (Is this solved in EPO 5.10?)

The person talks ABOUT the EPO side NOT the client ENS Side.

We are still UNABLE to add Exceptions in EPO 5.9.x Latest Release with ALL Hotfixes and ENS 10.7.X FEB Update.

WORKAROUND:

This is a catastrophe because the ONLY solution is to EXPORT the POLICY, modify the XML by hand, correct the # of Exceptions in the XML code and re-import the XML as Policy.

 
