McAfee Employee ktankink
Message 11 of 12

Re: Explanation of Access Protection Rules and Signatures in Exploit Prevention


So if an application is listed under the "Application Protection Rules" section, it will be monitored for everything that is set up in the "Signatures" section within the EP-Rules, right?



Application Protection Rules are not tied to all Exploit Prevention signatures directly.  App Protection Rules are used for Buffer Overflow and Illegal API signatures.


Application protection rules specify the processes that Exploit Prevention monitors for buffer overflow and illegal API use violations. Only processes in the Application Protection Rules list with the inclusion status of Include are monitored.



  • Signature 344 is a Registry engine signature and that signature still provides protection regardless of what is listed/not listed as an App Protection Rule. 
  • If you disable Signature 344, you should not see it trigger at all (regardless of the Application Protection Rules).  Verify that Signature 344 is actually set to FALSE for Block and/or Report by checking the C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\bopap.xml file.
		<Rule id="344">
			<Name>New Startup Program Creation</Name>


If this shows Signature 344 as both FALSE and you're still getting Sig344 violations from this client, yes, please open a Service Request with Support for investigation.
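
The bopap.xml check described in the reply above, as an added example that is not part of the original post and is not McAfee code. The post shows only the `<Rule id="344">` and `<Name>` lines, so the `<Rules>` wrapper and the `<Block>`/`<Report>` children in the sample are assumptions; the script matches any attribute or element whose name contains "block" or "report" rather than relying on an exact schema.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Only <Rule id="344"> and its <Name> appear in the post;
# the <Rules> wrapper and the <Block>/<Report> children are assumed here.
SAMPLE = """<Rules>
  <Rule id="344">
    <Name>New Startup Program Creation</Name>
    <Block>FALSE</Block>
    <Report>TRUE</Report>
  </Rule>
  <Rule id="999">
    <Name>Constructed placeholder rule</Name>
    <Block>TRUE</Block>
    <Report>TRUE</Report>
  </Rule>
</Rules>"""

KEYWORDS = ("block", "report")

def local(tag):
    """Drop a namespace prefix such as '{ns}Rule'."""
    return tag.rsplit("}", 1)[-1]

def rule_settings(xml_data, rule_id):
    """Return one dict per <Rule> with this id: its name plus every attribute
    or descendant element whose name contains 'block' or 'report'."""
    found = []
    for rule in ET.fromstring(xml_data).iter():
        if local(rule.tag) != "Rule" or rule.get("id") != str(rule_id):
            continue
        entry = {"name": None, "settings": {}}
        pairs = list(rule.attrib.items())
        pairs += [(local(c.tag), c.text or "") for c in rule.iter() if c is not rule]
        for key, value in pairs:
            if key == "Name":
                entry["name"] = value.strip()
            elif any(word in key.lower() for word in KEYWORDS):
                entry["settings"][key] = value.strip()
        found.append(entry)
    return found

def not_false(entry):
    """Settings whose value is anything other than FALSE (case-insensitive)."""
    return sorted(k for k, v in entry["settings"].items() if v.upper() != "FALSE")

if __name__ == "__main__":
    # Pass the path to bopap.xml as the first argument; without one, use SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for entry in rule_settings(data, 344):
        print(entry["name"], entry["settings"], "still enabled:", not_false(entry))
```

An empty result means no `<Rule>` with that id was found in the file, which is worth noting when comparing a client's file against the policy.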

McAfee Employee jess_arman
Message 12 of 12

Re: Explanation of Access Protection Rules and Signatures in Exploit Prevention

@Daniel_S Further documentation to supplement what ktankink linked, and from which I pulled my information: Product Guide

