Hi Team,
I have a customer who said they can't open a Webex meeting invitation in Outlook; Outlook just force-closes every time they click accept on the Webex meeting link. We have already changed the outlook.exe and webex.exe reputation on TIE to Known Trusted, and the result is still always the same. I noticed there are some rule-violation logs: "C:\Users\USER\AppData\Local\WebEx\WebexHost.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494." That's from the "Self Protection Activity logs".
See the file attachment for details; that's the only log file I found about blocking Webex.
Thanks for raising your concern in the community channel.
Here the scenario is that WebexHost.exe, during its execution, is trying to access mfewch.exe, which is a McAfee process. As you are aware, no third-party application is allowed to access or modify the McAfee process.
The operation is violating the rule "Core protection - Protect McAfee process from unauthorized access and termination", and hence it's restricting accessing the WebexHost.exe.
If you are running an older version of ENS, I suggest you install the latest ENS and test it.
I also verified the Self-protection logs that you shared; I do see there are multiple application executions matching the rule "Core protection - Protect McAfee process from unauthorized access and termination", and getting terminated.
If the issue arises again after upgrading ENS to the very latest version, I suggest you add the application exe to the Self Protection exclusions under Endpoint Security Common exclusions.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Thanks and regards,
Ravindra SK
Hi @Dwee ,
I've seen similar events on my system as well, but that doesn't seem to block WebEx in my case.
Please reboot the system and then check again.
Also, you may try isolating the module as mentioned in the KB below.
https://kc.mcafee.com/corporate/index?page=content&id=KB88482
Thanks
Hi Pravas,
Actually, it seems this is a side effect of using the ATP "security" level of policy that we implemented when we were building a fresh ePO because of the ransomware outbreak, so many false positives and other blocking/containment behaviors have been triggered, and I am overloaded with whitelisting them all and filtering many applications. Even though I'm using TIE reputation and we can still override the reputation of the EXEs and DLLs, it seems different machines/clients have different file hashes triggering in TIE, so I'm overwhelmed with making exclusions by overriding the reputations. Got any ideas, Pravas?
No BlackByte triggered this week, by the way 😀
Hi Pravas,
I still found the Webex meeting blocked by DAC ATP because the reputation is unknown. I checked the TIE reputation, which also gives this file (GTI rep unknown), even though this is Cisco - webex-llc? I have also added webex.exe to the exclusions in ATP DAC.
Hi @Dwee,
If you're able to reproduce the issue, then please log a ticket with Support for investigation.
Thanks