cheetah
Level 10
Message 11 of 13

Re: Exploit Prevention WebMer - ESConfig


@AdithyanT or @Dayananda  Sorry, but just one last question:

 

But the data collected by MER.exe are NOT incorrect either - due to the actual block of the AP rule?

AdithyanT
McAfee Employee
Message 12 of 13

Re: Exploit Prevention WebMer - ESConfig


Hi @cheetah,

Firstly, my apologies for the delay, as I was OOO for a week's time. Your question is very much valid and I did not really check that part. Our recommendation is to ensure we exclude it, and I am currently generating MER with and without this block turned ON. Should I see a difference in output missing crucial DB information (I am already guessing what I could miss with AP rule ON), I will have a public-facing KBA written and published for you and our other customers who may be facing this issue.

Once again, my apologies for the delay in response. I ask you for possibly a few more hours while I get this tested for you.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
AdithyanT
McAfee Employee
Message 13 of 13

Re: Exploit Prevention WebMer - ESConfig


Hi @cheetah,

Thank you for your kind time and patience with us.

So, I have examined the use of ESConfig here and I can see that there are policy exports that are being created for each of the components present in your machine while collecting MER (components like TP, WC, etc.).

Although these come in real handy when exploring individual policies applied on the endpoint, this may not be a deal breaker when we are checking the overall setting using the registry exports and other issues that may not really require us to investigate the policies in depth.

Missing files from the MER where the AP rule was blocking ESConfig are as follows:

FILE_ESCONFIG_EXPORT_ESP64.txt
FILE_ESCONFIG_EXPORT_FW64.txt
FILE_ESCONFIG_EXPORT_TP64.txt
FILE_ESCONFIG_EXPORT_WC64.txt

I will see if a KBA needs to be written explicitly for this and keep you posted with an update via this community post!

Thank you for bringing this to our notice!


Thanks and regards,
Adithyan T