Remotely accessing local files or folders - hosts exclusion
We would like to activate the access rule "Remotely accessing local files or folders" but it generates too much false positives essentially due to our vulnerability scanners activity which scan the devices remotely.
Is there a way to exclude the IP addresses of these scanners? I only see a way to exclude processes but not the "Threat source IP addresses".
If not, is there a way to do the same rule with Exploit prevention (expert rule) ?
Thank you for posting in community forum. Exclusions are not suitable for this rule as the process is always a remote entity that we cannot distinguish as a particular service.
Expert rules do provide additional parameters and allow more flexibility than the Access Protection custom rules. But, to create Expert Rules, you must understand the McAfee proprietary syntaxes. This can be better recommended by McAfee professional services and they can be contacted using below link.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.