cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

ENS 10.5.6 exclusions registry path

Jump to solution

Hello All,

We have ePO 5.1.3 in our environment. We have configured a policy to push the exclusions from the ePO to the local server. Local server has Agent version as 5.0.6 and ENS version as 10.5.4. I am in need to locate the path in registry wherein the pushed exclusions from the ePO are saved. Also if there are any local exclusions added, where will they be saved in the registry.

Thanks!!!

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ENS 10.5.6 exclusions registry path

Jump to solution

This will depend on what exclusions that are included in your policies, but check the following registry locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO

 

3 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ENS 10.5.6 exclusions registry path

Jump to solution

This will depend on what exclusions that are included in your policies, but check the following registry locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO

 

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: ENS 10.5.6 exclusions registry path

Jump to solution

@harshal_joshi01 Please be advised that the exclusion values in that location are hexadecimally encoded, so you will not be able to read them. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please give kudos or select "Accept as Solution" in my reply, as appropriate, so together we can help other members?

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: ENS 10.5.6 exclusions registry path

Jump to solution

Alternatively, instead of looking in the registry, you can use the ESCONFIG.EXE command to export the local ENS config to readable text format, and inspect the exclusions that way.  

 

PD26800 - Endpoint Security 10.5.0 Installation Guide
https://kc.mcafee.com/corporate/index?page=content&id=PD26800
Page 50 "ESConfigTool command-line options"

 

Example OAS exclusion:

oas exclusion.jpg

 

 

1. Open Admin CMD prompt.

2. Run: "c:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe" /export .<filename> /module TP /plaintext

3. Review the output filename:

<Task id="EXCLUDE_OAS_PROCESS_GROUP_DEFAULT">
<EXCLUSION_ITEMS>
<EXCLUSION_ITEM>
<EXCLUSION_BY_NAME_OR_LOCATION>C:\temp\test.exe</EXCLUSION_BY_NAME_OR_LOCATION>
<EXCLUSION_FILE_TYPE />
<EXCLUSION_BY_FILE_AGE>0</EXCLUSION_BY_FILE_AGE>
<EXCLUSION_TYPE>3</EXCLUSION_TYPE>
<EXCLUSION_EXCLUDE_SUBFOLDERS>0</EXCLUSION_EXCLUDE_SUBFOLDERS>
<EXCLUSION_ON_READ>1</EXCLUSION_ON_READ>
<EXCLUSION_ON_WRITE>1</EXCLUSION_ON_WRITE>
<EXCLUSION_SOURCE>0</EXCLUSION_SOURCE>
</EXCLUSION_ITEM>
</EXCLUSION_ITEMS>
<EXCLUSION_DETECTIONS></EXCLUSION_DETECTIONS>
</Task>

 

 

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.