We are trying to use the ESConfigTool using the below command line. However, it does not output anything, not even an error. The folder path is writable and exists.
ESConfigTool.exe /export C:\temp\fw.policy /module FW /unlock %password% /plaintext
When used without command line options, it also does not generate any output. The machine has been assigned policies for On-Access scan and Access protection, which disable On-Access scan and Access protection. I was not able to locate the rule "Unauthorized execution of EsConfigTool", which is mentioned in the documentation, in any of these policies though.
We apologize for the late reply.
Did you see any ESConfigTool log in Programdata\McAfee\Endpoint Security\EndpointSecurityPlatform_Activity.log when you executed the command?
And please confirm the ENS console password you input in the option is correct.
If this issue still persists, please let me know the ENS product version.
Seeing this error
"EsconfigTool (1488.10568) ESConfigTool.EsConfigTool.Error (ProcessExecutionInfo.cpp:117) Running service outside install folder. Exiting ..."
Please note that we did not copy or move the ESConfigTool.exe to a different folder.
Please follow the Technical Article: KB90523
The access protection rule Unauthorized execution of EsConfigTool blocks the execution of EsConfigTool. Administrators can disable the rule and run EsConfigtool when needed and re-enable the rule when complete.
This rule is available in the ENS Access Protection rules. Refer to the screen below:
Thank you,
Our custom rules aside, I only see the below
|Altering user rights policies|
|Browsers launching files from the Downloaded Program Files folder|
|Changing any file extension registrations|
|Creating new executable files in the Program Files folder|
|Creating new executable files in the Windows folder|
|Disabling Registry Editor and Task Manager|
|Doppelganging attacks on processes|
|Executing Mimikatz malware|
|Executing scripts by Windows script host (CScript.exe or Wscript.exe) from common user folders|
|Executing Windows Subsystem for Linux|
|Hijacking .EXE and other executable extensions|
|Installing Browser Helper Objects or Shell Extensions|
|Installing new CLSIDs, APPIDs, and TYPELIBs|
|Modifying core Windows Processes|
|Modifying Internet Explorer settings|
|Modifying network settings|
|Registering of programs to autorun|
|Remotely accessing local files or folders|
|Remotely creating autorun files|
|Remotely creating or modifying files or folders|
|Remotely creating or modifying Portable Executable, .INI, .PIF file types, and core system locations|
|Running files from common user folders|
|Running files from common user folders by common programs|
A related question: when I use the plaintext option with the firewall product, the file that will be generated is XML, correct? If so, is this file any different from what I can export from ePO?
Hi @FDRLLGR Please refer to this known issue about blank output of the esconfigtool.exe and the ENS version you are using.
KB82450 - Endpoint Security 10.x Known Issues
|ENSW-95967||10.7.0 February 2020 Update, 10.6.1 February 2020 Update|10.7.0 April 2020 Update, 10.6.1 April 2020 Update|
Issue: When you execute ESConfigtool.exe with Run As Admin credentials, it does not provide its help and command-line switch output file for exports.
Resolution: This issue is resolved in ENS 10.6.1 April 2020 Update and ENS 10.7.0 April 2020 Update.
Also, the plaintext output file from esconfigtool.exe is not importable anywhere (e.g., not back into another ENS client or ePO server). To import the ENS config file back into another ENS client, the export file must be in the encrypted format (e.g., the /plaintext switch must not be used when exporting the configuration).