cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Tuning Access Protection False Positives

Hi, Is it possible to tune out noise from endpoints generating tons of events that are flagged by the "Remotely Accessing local files or folders" rule? Tried excluding via path **\Folder\** etc with wildcard to exclude any files in "Folder" anywhere on the system but it's not having any impact, they are still reported and logged. Cheers
1 Reply
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Tuning Access Protection False Positives

@mattschm At this time, you cannot selectively filter events based on what is triggering them. The report mechanism is either On--Report All, or Off--Report Nothing. 

The closest you could get to doing this would be excluding the process that is triggering the rule, from the rule, which then would be allowing the action. So, if you choose to do this, then be sure that you are okay with the activity of the process being allowed.

With Access Protection, only processes can be excluded, not files/folders. So, if you are comfortable with the above, and do want to implement some exclusions, then you would need to configure your **\Folder\** exclusion to instead be formatted to specify any process, such as; **\Folder\*.exe. This is any process under named Folder under any directory. Please be advised, that the less specific you are, the wider the "security gap" becomes in regards to the rule.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community