
Endpoint Security Common - Options Self Protection

I am getting started on ENS migration.  I have run into some issues with self protections and need to do an exclusion.

In VSE 8.8 self protection was part of Access Protection, but it seems to be split out of Access Protection in ENS and moved to its own configuration in the Endpoint Security Common "Options" policy.

There are several deficiencies as far as I can tell and I want to make sure these are true - and not just me not knowing how they work.

In VSE, I could specify a full path to the process I wanted to exclude.  This offered some protection to the exclusion since I could exclude certain Microsoft processes based on locations in protected OS locations.

In ENS it appears that I can only specify a process name - and cannot limit to a process running from a certain path.  True?

In ENS Self Protection events - the process MD5 Hash is listed along with the path and signer information, but there appears to be no way for me to leverage this information when wanting to un-block the process from self protection -- so the only option is to un-block a particular process name rather than the MD5 hash or even to include the path to the executable - as I could do in VSE. Is that correct?

Module Name:Web Control
Analyzer Content Creation Date:7/1/15 5:01:00 AM CDT
Analyzer Content Version:10.1.0000
Analyzer Rule Name:Web Control - Protect plugin registry keys and values
Source Process Hash:d3c986639542a28f32da84a5d2d20db8
Source Process Signed:Yes
Source Process Signer:C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION, CN=MICROSOFT WINDOWS
Source File Path:C:\WINDOWS\SYSTEM32
Source File Size (Bytes):228352
Source Modify Time:9/29/17 3:41:16 AM CDT
Source Access Time:9/29/17 3:41:16 AM CDT
Source Create Time:9/29/17 3:41:16 AM CDT
Target Signed:No
Target Path:HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS
1 Reply
Reliable Contributor bodysoda

Re: Endpoint Security Common - Options Self Protection

Do you see this all the time, or just once?
At the time of initial deployment, disable the "Endpoint Security Common - Options Self Protection" until you complete the rollout of ENS to all the clients and servers.

Once you have finished the deployment, ENS would have created the McAfee Trusted validations. Then enable the "Endpoint Security Common - Options Self Protection".