cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
harshal_joshi01
harshal_joshi01
Level 7
Report Inappropriate Content
Message 1 of 4
‎08-03-2018 12:22 PM

ENS 10.5.6 exclusions registry path

Jump to solution

Hello All,

We have ePO 5.1.3 in our environment. We have configured a policy to push the exclusions from the ePO to the local server. Local server has Agent version as 5.0.6 and ENS version as 10.5.4. I am in need to locate the path in registry wherein the pushed exclusions from the ePO are saved. Also if there are any local exclusions added, where will they be saved in the registry.

Thanks!!!

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎08-03-2018 01:01 PM

Re: ENS 10.5.6 exclusions registry path

Jump to solution

This will depend on what exclusions that are included in your policies, but check the following registry locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO

 

Reply
3 Replies
Highlighted
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎08-03-2018 01:01 PM

Re: ENS 10.5.6 exclusions registry path

Jump to solution

This will depend on what exclusions that are included in your policies, but check the following registry locations:

 

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION

HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO

 

Reply
jess_arman
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 3 of 4
‎08-07-2018 06:06 AM

Re: ENS 10.5.6 exclusions registry path

Jump to solution

@harshal_joshi01 Please be advised that the exclusion values in that location are hexadecimally encoded, so you will not be able to read them. 

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please give kudos or select "Accept as Solution" in my reply, as appropriate, so together we can help other members?

0 Kudos
Reply
ktankink
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 4 of 4
‎08-07-2018 07:07 AM

Re: ENS 10.5.6 exclusions registry path

Jump to solution

Alternatively, instead of looking in the registry, you can use the ESCONFIG.EXE command to export the local ENS config to readable text format, and inspect the exclusions that way.  

 

PD26800 - Endpoint Security 10.5.0 Installation Guide
https://kc.mcafee.com/corporate/index?page=content&id=PD26800
Page 50 "ESConfigTool command-line options"

 

Example OAS exclusion:

oas exclusion.jpg

 

 

1. Open Admin CMD prompt.

2. Run: "c:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe" /export .<filename> /module TP /plaintext

3. Review the output filename:

<Task id="EXCLUDE_OAS_PROCESS_GROUP_DEFAULT">
<EXCLUSION_ITEMS>
<EXCLUSION_ITEM>
<EXCLUSION_BY_NAME_OR_LOCATION>C:\temp\test.exe</EXCLUSION_BY_NAME_OR_LOCATION>
<EXCLUSION_FILE_TYPE />
<EXCLUSION_BY_FILE_AGE>0</EXCLUSION_BY_FILE_AGE>
<EXCLUSION_TYPE>3</EXCLUSION_TYPE>
<EXCLUSION_EXCLUDE_SUBFOLDERS>0</EXCLUSION_EXCLUDE_SUBFOLDERS>
<EXCLUSION_ON_READ>1</EXCLUSION_ON_READ>
<EXCLUSION_ON_WRITE>1</EXCLUSION_ON_WRITE>
<EXCLUSION_SOURCE>0</EXCLUSION_SOURCE>
</EXCLUSION_ITEM>
</EXCLUSION_ITEMS>
<EXCLUSION_DETECTIONS></EXCLUSION_DETECTIONS>
</Task>

 

 

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator