Solved! Go to Solution.
Thank you for contacting us. Based on what you have described here, The procedure seems fine. There are, however, alternate ways of blocking access mspaint as well.
Since your method is also correct, we need to dig in and find out why it does not work.
Can you launch mspaint and when it is running, can you please open task manager and find out the location from which paint program is running from?
May I confirm that the location matches? (Not that I know any other location from where it can be launched from!)
Can you also kindly verify if the policy is locally applied to the endpoint? Please open Endpoint Security Console UI and access its settings. under Threat prevention --> Show advanced, you should be able to see Access protection settings where the rules can be confirmed to be present.
Thank you for your replay
Yes, the location of mspaint.exe is correct, I have also tried it on write.exe and a folder called test and non of them seem to be restricted
With your last comment I am not too sure what you mean.
I have no 'Endpoint Security Console UI' on the McAfee server (I believe you are talking about the little Mcafee icon in the bottom tight hand side by the time/date ?)
If i Look on the Win 10 client and l open the 'View Security Status' I have the following in the list
*McAfee Data Exchange Layer
*McAfee DLP Endpoint
* McAfee Updater
Is there something missing from the list?
Sorry, I am new to the product.
Thanks for your help
Thank you for you clear explanation. I guess this explains it! May i confirm you do not see Endpoint Security status as I have attached below when you click on View Security Status?
If it is missing, then we have to deploy Endpoint Security product to your machine. Without the product, the policies will not take effect!
I sincerely hope this helps!
Thank you for your kind response. Deployment of ENS can be explained in simple steps as follows:
--> Checkin Endpoint Security latest version in your Master repository
--> Go to System tree --> Select the group you wish to deploy ENS (Endpoint Security) to and please select client tasks tab --> New client task assignment --> select McAfee Agent under Products --> Task type should be product Deployment and please create a new task here.
--> At this point, please select the checked in ENS 10.7 latest version in the below order:
1. Endpoint Security platform 10.7
2. Endpoint Security Threat prevention 10.7
There are additional components that can be added, although not really required for this specific feature(Access protection) to work.
Besides the above described method, there are many more ways and detailed instructions provided below in general about deployment of ENS to Windows machines via ePO:
The above documentation is strongly advised as the best place to begin with fi its you first time deploying ENS to your machine. (There is a lot to read, but definitely helps in the long run :)).
I sincerely hope this helps.
I have set a policy up as a test to stop mspaint.exe running,
Hi @User39866432 If you're trying to prevent mspaint.exe from being executed on ENS clients, here's an AP rule example (fine tune as needed); this worked on my ENS test system.
As the screenshot stated above, the "Destination File" criteria is only used for RENAME operations.
Hi Adithyan T
Just to make you aware this is an offline system (No internet connection) I do have another server with McAfee installed with an internet connection to pull updates down. I have checked the software catalog and the McAfee Endpoint Security 10.7 is already installed.
Although I do seem to have an issue now where non of my machines will not allow me to do anything. My windows 10 PC is sat shutting down and it has been like that for 15 minutes and my servers will not allow me to do anything, saying I do not have permission to do anything.
I cannot think what I have done within McAfee that would of done this. I have not made any changes apart from deploying Endpoint Security
Thank you for your response.
the steps you have outlined should not have any effect on the machine's booting process or shut down process. However, I am worried if there are any other rules that you may have configured which could cause the issue.
May I know if you have any other Access protection rules defined by you? At the moment, we do not have any known issues with the ENS which resembles the symptoms mentioned in your last reply. Hence I suspect user defined Access protection rule to be involved here.
I would also recommend having a support case created with us for a quick look at the entire access protection policy to ensure we do not have anything misconfigured in the same.