cancel
Showing results for 
Search instead for 
Did you mean: 

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

Hi all,

Same problem for me since install ENS threat protection 10.6.1.1638.

I made a request service today (4-20052822291)

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

Hi, 

I got a workaround from the support. You have to set the Exploit Prevention Protection Rule "Adobe Acrobat Reader" to Exclude. Then the issue should be solved.

The support told me that a fix for this issue should be released within 3 weeks.

2019-07-10 07_00_42-ePolicy Orchestrator 5.10.0 and 9 more pages - Microsoft Edge.png

Reliable Contributor Pmaquoi
Reliable Contributor
Report Inappropriate Content
Message 13 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

yes the exclusion will work (it is the case for me)  but everyone has to fully understand that, until the fix release, DC reader will be excluded of all IPS rule. So Don't forget to use the latest DC version to reduce the risk.

Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 14 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

Hello,

I have at least two clients experiencing that issue and I await MER logs to log a support ticket

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 15 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

Anyone noticed issues where the rule resets by itself back to the original state causing it to appear again?

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

@ninov_n

Yes, I noticed that on some pc.
I solve the problem by removing the pc from the EPO console without removing the agent
and on the pc that poses a problem, clic collect and send properties.

You can then retrieve it in the EPO console to put it in the right directory to apply the strategy

jround
Level 9
Report Inappropriate Content
Message 17 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

I have just noticed my machine is blocking Adobe reader and PDF previews in Outlook again despite the rule in ePO still having the same settings as I set on Friday and tested working OK!

Adobe Acrobat Reader
Enabled
Exclude
**\AcroRd32.exe;
Jul 05,2019 17:07:39 GMT+0000
AcroRd32.exe
McAfee-defined

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

@ninov_n  / @jround 

What is the version of your agent ?

pcmcis
Level 7
Report Inappropriate Content
Message 19 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

Hi,

I see on the server task log that during the last 2 days 7/10 and 7/11, all my exploit detection rules are touched and changed automatically after the “Update Master Repository” and ‘Global Update replication tasks”.

Policy "ENS_Exploit Prevention_disable BO[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:04:40 AM EEST 7/11/19 7:04:40 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_temp_disable[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment7/11/19 7:04:36 AM EEST 7/11/19 7:04:36 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS NxxxxxRXX_Exploit Prevention[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:04:32 AM EEST 7/11/19 7:04:32 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "My Default[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:04:21 AM EEST 7/11/19 7:04:28 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_disable BO[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:04:02 AM EEST 7/11/19 7:04:02 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_temp_disable[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment 7/11/19 7:04:00 AM EEST 7/11/19 7:04:00 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS NxxxxxRXX_Exploit Prevention[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:59 AM EEST 7/11/19 7:03:59 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "My Default[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:50 AM EEST 7/11/19 7:03:57 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_disable BO[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:39 AM EEST 7/11/19 7:03:39 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_temp_disable[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:35 AM EEST 7/11/19 7:03:35 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS NxxxxxRXX_Exploit Prevention[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:32 AM EEST 7/11/19 7:03:32 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "My Default[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:23 AM EEST 7/11/19 7:03:28 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_disable BO[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:05 AM EEST 7/11/19 7:03:05 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS_Exploit Prevention_temp_disable[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:04 AM EEST 7/11/19 7:03:04 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "ENS NxxxxxRXX_Exploit Prevention[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:03:02 AM EEST 7/11/19 7:03:02 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Policy "My Default[EPOXXXXX] (Endpoint Security Threat Prevention:Exploit Prevention)" was saved. Comment:7/11/19 7:02:54 AM EEST 7/11/19 7:03:01 AM EEST usernamexxxxx Completed Policy Catalog Less than a minute

Global Update replication 7/11/19 7:02:27 AM EEST 7/11/19 7:04:40 AM EEST system Completed Server Task 2 minutes

Performance Optimizer: Analyze CPU and memory usage on the application and database servers

7/11/19 7:01:11 AM EEST 7/11/19 7:01:11 AM EEST usernamexxxxx Completed Server Task Less than a minute

Update Master Repository 7/11/19 7:00:11 AM EEST 7/11/19 7:04:40 AM EEST usernamexxxxx Completed Server Task 4 minutes

 

EPO 5.9.1 build 251

MA Agent 5.6.1.157

McAfee_Endpoint_Security_10.5.5.5130.1_bundle (deployed on 11 clients for testing)

Endpoint Security Threat Prevention  10.5.5.5215

Endpoint Security Platform  10.5.5.5223

Reliable Contributor Pmaquoi
Reliable Contributor
Report Inappropriate Content
Message 20 of 36

Re: ENS July full installer prevents Adobe reader in Protected mode

Jump to solution

For PCMCISREPORT

Its probably because yesterday and the day before the monthly exploit prevention update has been published. Twice this time. The latest one was a short fix of the first one.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community