
Endpoint Security Common - Options Self Protection

I am getting started on ENS migration.  I have run into some issues with self protections and need to do an exclusion.

In VSE 8.8 self protection was part of Access Protection, but it seems to be split out of Access Protection in ENS and moved to its own configuration in the Endpoint Security Common "Options" policy.

There are several deficiencies as far as I can tell and I want to make sure these are true - and not just me not knowing how they work.

In VSE, I could specify a full path to the process I wanted to exclude.  This offered some protection to the exclusion since I could exclude certain Microsoft processes based on locations in protected OS locations.

In ENS it appears that I can only specify a process name - and cannot limit to a process running from a certain path.  True?

In ENS Self Protection events, the process MD5 hash is listed along with the path and signer information, but there appears to be no way for me to leverage this information when wanting to un-block the process from self protection, so the only option is to un-block a particular process name rather than the MD5 hash or even to include the path to the executable, as I could do in VSE. Is that correct?

Module Name:Web Control
Analyzer Content Creation Date:7/1/15 5:01:00 AM CDT
Analyzer Content Version:10.1.0000
Analyzer Rule Name:Web Control - Protect plugin registry keys and values
Source Process Hash:d3c986639542a28f32da84a5d2d20db8
Source Process Signed:Yes
Source Process Signer:C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION, CN=MICROSOFT WINDOWS
Source File Path:C:\WINDOWS\SYSTEM32
Source File Size (Bytes):228352
Source Modify Time:9/29/17 3:41:16 AM CDT
Source Access Time:9/29/17 3:41:16 AM CDT
Source Create Time:9/29/17 3:41:16 AM CDT
Target Signed:No
Target Path:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS
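
An added example, not part of the original post and not an ENS feature: a Python script that parses the event fields shown above and checks the source process's signer, path and hash out of band before a name-only exclusion is granted. The trusted-organisation set, the protected-directory list and all function names are assumptions chosen for illustration.

```python
from pathlib import PureWindowsPath

# Fields copied from the Self Protection event in the post above.
EVENT_TEXT = r"""Analyzer Rule Name:Web Control - Protect plugin registry keys and values
Source Process Hash:d3c986639542a28f32da84a5d2d20db8
Source Process Signed:Yes
Source Process Signer:C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION, CN=MICROSOFT WINDOWS
Source File Path:C:\WINDOWS\SYSTEM32
Target Path:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS"""

# Assumed review criteria (hypothetical; set these per your own policy).
TRUSTED_ORGS = {"MICROSOFT CORPORATION"}
PROTECTED_DIRS = [r"C:\Windows\System32", r"C:\Program Files"]

def parse_event(text):
    """Split 'Key:Value' lines on the first colon only (values contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def signer_org(dn):
    """Return the O= attribute of a 'K=V, K=V' signer string (naive split)."""
    for part in dn.split(", "):
        key, _, value = part.partition("=")
        if key.strip().upper() == "O":
            return value.strip().upper()
    return ""

def in_protected_dir(path):
    """Case-insensitive check that path is one of PROTECTED_DIRS or below it."""
    p = PureWindowsPath(path.lower())
    dirs = [PureWindowsPath(d.lower()) for d in PROTECTED_DIRS]
    return any(p == d or d in p.parents for d in dirs)

def vet_source(fields, expected_md5=None):
    """Return the reasons this source should NOT get a name-only exclusion."""
    reasons = []
    if fields.get("Source Process Signed") != "Yes":
        reasons.append("unsigned")
    if signer_org(fields.get("Source Process Signer", "")) not in TRUSTED_ORGS:
        reasons.append("untrusted signer")
    if not in_protected_dir(fields.get("Source File Path", "")):
        reasons.append("outside protected directories")
    if expected_md5 and fields.get("Source Process Hash", "").lower() != expected_md5.lower():
        reasons.append("hash differs from reviewed binary")
    return reasons
```

An empty list from `vet_source` means the event's source matched every criterion; the hash comparison only ties the event to a binary that has already been reviewed, using the MD5 value the event reports.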
1 Reply
Reliable Contributor bodysoda

Re: Endpoint Security Common - Options Self Protection

Do you see this all the time, or just once?
At the time of initial deployment, disable the "Endpoint Security Common - Options Self Protection" until you complete the rollout of ENS to all the clients and servers.

Once you have finished the deployment, ENS would have created the McAfee Trusted validations. Then enable the "Endpoint Security Common - Options Self Protection".