Endpoint Security Common - Options Self Protection

I am getting started on ENS migration.  I have run into some issues with self protections and need to do an exclusion.

In VSE 8.8 self protection was part of Access Protection, but it seems to be split out of Access Protection in ENS and moved to its own configuration in the Endpoint Security Common "Options" policy.

There are several deficiencies as far as I can tell and I want to make sure these are true - and not just me not knowing how they work.

In VSE, I could specify a full path to the process I wanted to exclude.  This offered some protection to the exclusion since I could exclude certain Microsoft processes based on locations in protected OS locations.

In ENS it appears that I can only specify a process name - and cannot limit to a process running from a certain path.  True?

In ENS Self Protection events - the process MD5 Hash is listed along with the path and signer information, but there appears to be no way for me to leverage this information when wanting to un-block the process from self protection -- so the only option is to un-block a particular process name  rather than the MD5 hash or even to include the path to the executable - as I could do in VSE.  Is that correct?

Module Name:Web Control
Analyzer Content Creation Date:7/1/15 5:01:00 AM CDT
Analyzer Content Version:10.1.0000
Analyzer Rule Name:Web Control - Protect plugin registry keys and values
Source Process Hash:d3c986639542a28f32da84a5d2d20db8
Source Process Signed:Yes
Source File Path:C:\WINDOWS\SYSTEM32
Source File Size (Bytes):228352
Source Modify Time:9/29/17 3:41:16 AM CDT
Source Access Time:9/29/17 3:41:16 AM CDT
Source Create Time:9/29/17 3:41:16 AM CDT
Target Signed:No
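
The exclusion concern raised above, as an added example that is not part of the original post or of any McAfee tooling: it parses Self Protection event fields in the format quoted above and reports what a name-only exclusion would be trusting (signer status, source directory, distinct hashes). The `PROTECTED_DIRS` list and the function names are assumptions made for illustration.

```python
import ntpath

# Constructed sample: a subset of the event fields quoted in the post above.
SAMPLE_EVENT = """\
Analyzer Rule Name:Web Control - Protect plugin registry keys and values
Source Process Hash:d3c986639542a28f32da84a5d2d20db8
Source Process Signed:Yes
Source File Path:C:\\WINDOWS\\SYSTEM32
Target Signed:No
"""

# Assumption: directories treated as protected OS locations for this review.
PROTECTED_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")


def parse_event(text):
    """Split 'Field:Value' lines on the first colon only (values contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def in_protected_dir(path):
    """Case-insensitive check that path is, or sits under, a protected directory."""
    norm = ntpath.normcase(ntpath.normpath(path))
    for d in PROTECTED_DIRS:
        base = ntpath.normcase(ntpath.normpath(d))
        if norm == base or norm.startswith(base + "\\"):
            return True
    return False


def review_events(events):
    """Summarise what a name-only exclusion would be trusting across events."""
    hashes, findings = set(), []
    for ev in events:
        hashes.add(ev.get("Source Process Hash", "").lower())
        if ev.get("Source Process Signed") != "Yes":
            findings.append("unsigned source process")
        if not in_protected_dir(ev.get("Source File Path", "")):
            findings.append("source outside protected OS directories: "
                            + ev.get("Source File Path", "<missing>"))
    if len(hashes) > 1:
        findings.append("multiple distinct hashes for one exclusion candidate")
    return sorted(hashes), findings
```

An empty findings list means every reviewed event came from a signed binary in a protected directory with a single hash; any finding is a reason to question a name-only exclusion.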

Re: Endpoint Security Common - Options Self Protection

Do you see this all the time, or just once?
At the time of initial deployment, disable the "Endpoint Security Common - Options Self Protection" until you complete the rollout of ENS to all the clients and servers.

Once you have finished the deployment, ENS would have created the McAfee Trusted validations. Then enable the "Endpoint Security Common - Options Self Protection".
In case the above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!