cancel
Showing results for 
Search instead for 
Did you mean: 

Need help for ENS exclusions for KB89540 (PSEXEC)

Hello Team,

I need some help for ENS exclusions. As per KB KB89540 we had added the rule for PSEXESVC however, I need to allow one user or IP Address to be in exclusion. I talked to support team they suggested that we add the user id in exclusion. I have added it then from source system this isn't getting blocked however, on the remote machine it's getting blocked as it launches it with user id NT AUTHORITY\SYSTEM .

 

Has anyone encountered this problem after rule creation ? If yes, can you please suggest me any possible solutions or any workarounds ? or any psexec command that may work in such scenarios.

 

Below is the transcript from the KB Article.

Create a new rule with an inclusion status of "Include" using * for the File name or Path
Create a sub-rule with a type of "files," and for a target include **\PSEXESVC.EXE
Select the action to prevent creation

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center