cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User68214094
Level 9
Report Inappropriate Content
Message 1 of 2
‎01-26-2022 01:55 PM

Question regarding allowing .exe files and how to whitelist them.

I work in a school district and we have multiple (1000's) of false positives every day, and trying to weed through these is nearly impossible. The false positives stem from being in a security rule group rather than a balanced group. My supervisor is not willing to downgrade our security posture, so...

This file: "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Mf49f6405#\1a9dbe36222431068d63284a515217f7\Microsoft.Management.Infrastructure.ni.dll" has over 4000 blocks today. From what I understand it is a windows update package. Since it isn't a .exe file, does anything work to whitelist it? Could I put "C:\Windows\assembly\NativeImages_v4.0.30319_64\" under OAS exclusions? Then check the subfolders box?

Is it best practice to use OAS exclusions or is it better to use DAC exclusions. Can it be done with C:\Windows\assembly\NativeImages_v4.0.30319_64\* in DAC or would that be effective?

There are others such as:

C:\Program Files (x86)\InTouch\OPOSPOSPrinter.ocx

C:\Program Files (x86)\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe

C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe

C:\Program Files (x86)\Objectif Lune\CPD\App\OLCS_Notifier.exe

C:\Program Files (x86)\Plustek\Plustek OpticPro A320E\DocuAction.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\TI Education\TI-Nspire CX Navigator Teacher Software\bridgelinkserver.exe

that also get blocked regularly.

What is the best method to stop these false positives?

0 Kudos
Reply
1 Reply
Sivakumar1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2
‎01-26-2022 04:24 PM

Re: Question regarding allowing .exe files and how to whitelist them.

Hello @User68214094 . Thank you for posting t McAfee Enterprise Community. Please check on the article to add up exclusions for ATP,

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-adaptive-threat-protection-product-guide-win...

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC