cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Policy not working on Win 10 Client

Jump to solution
Hi ePolicy Orchestrator V5.10 release 9 I have set a policy up as a test to stop mspaint.exe running, (Procedure below) Log on to EPO. Go to "Policy Catalog Selected Endpoint Security Threat Prevention > Access Protection Duplicated 'My Default' Click on "Add" under "rules" section. Enter the policy name. Select the action "block" and "report". Click on "Add" under "Executables". Enter any name as per your wish, under "Name:" field. Enter "*" under File name or path field. Click on save. Scroll down to "subrules: "section. Click on "Add". Enter any name as per your wish under "Name:" field. Sub rule type : File. Select the below operations : >> Execute Click on "Add " under targets. Under "File, folder name, or file path " section enter the process name or complete location of that executable file. c:\Windows\System32\mspaint.exe Click on save. Save the entire policy. Went to System Tree > Assigned policies tab Selected 'Edit Assignment' and changed 'Assigned Policy' to my policy I created. it says at the top this will affect 3 systems but on my client paint still opens What else do I need to do to get this working Thanks
1 Solution

Accepted Solutions

Re: Policy not working on Win 10 Client

Jump to solution

Yes, I do not have this, can you please advise how to deploy this to all machines.

Thank You

View solution in original post

25 Replies
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 26

Re: Policy not working on Win 10 Client

Jump to solution

Hi @User39866432,

Thank you for contacting us. Based on what you have described here, The procedure seems fine. There are, however, alternate ways of blocking access mspaint as well.

Since your method is also correct, we need to dig in and find out why it does not work.

Can you launch mspaint and when it is running, can you please open task manager and find out the location from which paint program is running from?

May I confirm that the location matches? (Not that I know any other location from where it can be launched from!)

Can you also kindly verify if the policy is locally applied to the endpoint? Please open Endpoint Security Console UI and access its settings. under Threat prevention --> Show advanced, you should be able to see Access protection settings where the rules can be confirmed to be present.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: Policy not working on Win 10 Client

Jump to solution

Hi Adithyan

Thank you for your replay

Yes, the location of mspaint.exe is correct, I have also tried it on write.exe and a folder called test and non of them seem to be restricted

With your last comment I am not too sure what you mean.

I have no 'Endpoint Security Console UI' on the McAfee server (I believe you are talking about the little Mcafee icon in the bottom tight hand side by the time/date ?)

If i Look on the Win 10 client and l open the 'View Security Status' I have the following in the list

*McAfee Data Exchange Layer

*McAfee DLP Endpoint

* McAfee Updater

Is there something missing from the list?

Sorry, I am new to the product.

Thanks for your help

 

Re: Policy not working on Win 10 Client

Jump to solution

Please find some screenshots that may explain betterActionProtection.JPGAssignedPolicies.JPGOptions.JPGProperties.JPGProperties2.JPGRules.JPGSubrule.JPG

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 26

Re: Policy not working on Win 10 Client

Jump to solution

Hi @User39866432,

Thank you for you clear explanation. I guess this explains it! May i confirm you do not see Endpoint Security status as I have attached below when you click on View Security Status?

If it is missing, then we have to deploy Endpoint Security product to your machine. Without the product, the policies will not take effect!

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: Policy not working on Win 10 Client

Jump to solution

Yes, I do not have this, can you please advise how to deploy this to all machines.

Thank You

View solution in original post

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 26

Re: Policy not working on Win 10 Client

Jump to solution

Hi @User39866432,

Thank you for your kind response. Deployment of ENS can be explained in simple steps as follows:

--> Checkin  Endpoint Security latest version in your Master repository

--> Go to System tree --> Select the group you wish to deploy ENS (Endpoint Security) to and please select client tasks tab --> New client task assignment --> select McAfee Agent under Products --> Task type should be product Deployment and please create a new task here.

--> At this point, please select the checked in ENS 10.7 latest version in the below order:

1. Endpoint Security platform 10.7

2. Endpoint Security Threat prevention 10.7

There are additional components that can be added, although not really required for this specific feature(Access protection) to work.

Besides the above described method, there are many more ways and detailed instructions provided below in general about deployment of ENS to Windows machines via ePO:

https://docs.mcafee.com/bundle/endpoint-security-10.7.x-installation-guide-windows/page/GUID-EE3F05D...

The above documentation is strongly advised as the best place to begin with fi its you first time deploying ENS to your machine. (There is a lot to read, but definitely helps in the long run :)).

I sincerely hope this helps.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 26

Re: Policy not working on Win 10 Client

Jump to solution

I have set a policy up as a test to stop mspaint.exe running,

Hi @User39866432 If you're trying to prevent mspaint.exe from being executed on ENS clients, here's an AP rule example (fine tune as needed); this worked on my ENS test system. 

As the screenshot stated above, the "Destination File" criteria is only used for RENAME operations.

block_mspaint.jpg

Re: Policy not working on Win 10 Client

Jump to solution

Hi Adithyan T

Just to make you aware this is an offline system (No internet connection) I do have another server with McAfee installed with an internet connection to pull updates down. I have checked the software catalog and the McAfee Endpoint Security 10.7 is already installed.

Although I do seem to have an issue now where non of my machines will not allow me to do anything. My windows 10 PC is sat shutting down and it has been like that for 15 minutes and my servers will not allow me to do anything, saying I do not have permission to do anything.

I cannot think what I have done within McAfee that would of done this. I have not made any changes apart from deploying Endpoint Security

 

 

 

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 26

Re: Policy not working on Win 10 Client

Jump to solution

Hi @User39866432,

Thank you for your response.

the steps you have outlined should not have any effect on the machine's booting process or shut down process. However, I am worried if there are any other rules that you may have configured which could cause the issue.

May I know if you have any other Access protection rules defined by you? At the moment, we do not have any known issues with the ENS which resembles the symptoms mentioned in your last reply. Hence I suspect user defined Access protection rule to be involved here.

I would also recommend having a support case created with us for a quick look at the entire access protection policy to ensure we do not have anything misconfigured in the same.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community