I need to temporarily Endpoint Security Threat Prevention
McAfee threat prevention is blocking me installing PSTools onto a server that are required to gather information for Microsoft to troubleshoot something. Is there a way of temporarily suspending this from ePolicy Orchestrator so that I can install the tools.
You will have to check the detection first in order to disable a module.
For example, if the Access protection is blocking the PStools you can disable the Access protection only from EPO by creating a new policy to that server to disable Access protection on one machine.
The detection might also occur from Exploit prevention, On Access Scanner.
You can share us the screen shot of the error and the ENS event logs to conform.
Or else if you want to disable the ENS AV entirely (which is risky as it is on a server ), you will have to create a duplicate of existing policies of OnAccess Scan, Access protection and exploit prevention and modify the policy by unchecking the Enable option.
Later you can apply the new duplicated policy to the server so that ENS will read from the policy and disable the product.
it would be great if you can share the snapshot of the ENS event logs that shows the detection.
Re: I need to temporarily Endpoint Security Threat Prevention
this is most likely a "Potentially Unwanted Program" detection, from ePO console -
Endpoint Security Threat Prevention : Policy Category > Options > My Default (or assigned policy) in the section "Exclusion by Detection Name" then add the "detection name". Wake up the machine and you should be good.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.