Hello All,
We have ePO 5.1.3 in our environment. We have configured a policy to push the exclusions from the ePO to the local server. Local server has Agent version as 5.0.6 and ENS version as 10.5.4. I am in need to locate the path in registry wherein the pushed exclusions from the ePO are saved. Also if there are any local exclusions added, where will they be saved in the registry.
Thanks!!!
Solved! Go to Solution.
This will depend on what exclusions that are included in your policies, but check the following registry locations:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO
This will depend on what exclusions that are included in your policies, but check the following registry locations:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\EXCLUSION
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\Ips\BO
@harshal_joshi01 Please be advised that the exclusion values in that location are hexadecimally encoded, so you will not be able to read them.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please give kudos or select "Accept as Solution" in my reply, as appropriate, so together we can help other members?
Alternatively, instead of looking in the registry, you can use the ESCONFIG.EXE command to export the local ENS config to readable text format, and inspect the exclusions that way.
PD26800 - Endpoint Security 10.5.0 Installation Guide
https://kc.mcafee.com/corporate/index?page=content&id=PD26800
Page 50 "ESConfigTool command-line options"
Example OAS exclusion:
1. Open Admin CMD prompt.
2. Run: "c:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ESConfigTool.exe" /export .<filename> /module TP /plaintext
3. Review the output filename:
<Task id="EXCLUDE_OAS_PROCESS_GROUP_DEFAULT"> <EXCLUSION_ITEMS> <EXCLUSION_ITEM> <EXCLUSION_BY_NAME_OR_LOCATION>C:\temp\test.exe</EXCLUSION_BY_NAME_OR_LOCATION> <EXCLUSION_FILE_TYPE /> <EXCLUSION_BY_FILE_AGE>0</EXCLUSION_BY_FILE_AGE> <EXCLUSION_TYPE>3</EXCLUSION_TYPE> <EXCLUSION_EXCLUDE_SUBFOLDERS>0</EXCLUSION_EXCLUDE_SUBFOLDERS> <EXCLUSION_ON_READ>1</EXCLUSION_ON_READ> <EXCLUSION_ON_WRITE>1</EXCLUSION_ON_WRITE> <EXCLUSION_SOURCE>0</EXCLUSION_SOURCE> </EXCLUSION_ITEM> </EXCLUSION_ITEMS> <EXCLUSION_DETECTIONS></EXCLUSION_DETECTIONS> </Task>