ENS 10.5.5 deployment shows Exploit prevention disabled in the task bar
We are deploying ENS 10.5.5 in our organisation and during pilot installation we have observed that in the task bar, right click on McAfee icon shows "Issue Detected" McAfee Exploit Prevention is disabled"
However when we check the Exploit Prevention module in the ENS console locally on the client machine, the Exploit Prevention module shows enabled
Please check attached screenshot. Going through the earlier post on community for a similar issue, we understand that we may have to run tool to identify and check if there is any third party application trying to inject dll into McAfee process and investigate further. however, if this is the cause, it may be different dlls on diff machines which may be trying to inject..
In our big environment it may not be possible for us to check this on all the machines. Is there any bug due to which EP module shows as disabled in the task bar.
Is there a way we can fix this notification in the task bar. Please check below screenshot
Re: ENS 10.5.5 deployment shows Exploit prevention disabled in the task bar
As we have seen the in the task Bar-McAfee icon shows Exploit Prevention is disabled, however when we open the ENS console we can see that the Exploit Prevention module is enabled
Now we tried to check if the EP module works or not. For that we enabled the signature ID -1157- USB Storage Device Inserted on the affected machine. Though the policy enforcement was successful however still the USB was not blocked and user was able to access the USB from that machine
When we enabled the same signature for a good machine when EP was showing compliant in the task bar "view security status" the USB was blocked
This goes to show that the systems where the task bar "view security status" is showing EP is disabled, there the EP feature is not working at all, though inside ENS console we can see that the EP is enabled