cancel
Showing results for 
Search instead for 
Did you mean: 

ePO ENS Endpoint Security Threat Prevention CSCRIPT.EXE exclusion

Hi,

We recently migrated from VSE 8.8 to ENS 10.5.3 and now I am getting thousands of false positives such as: 

NT AUTHORITY\SYSTEM ran CSCRIPT.EXE, which tried to access C:\WINDOWS\TEMP, violating the rule "Executing scripts by Windows script host (CScript.exe or Wscript.exe) from common user folders", and was blocked. For information on how to respond to this event, see KB85494.

Source File Path:

C:\WINDOWS\SYSTEM32

Target Hash:

02323858c64d5d527dd51f0d42baaaa5

Target Name:

RESTARTHEALTHSERVICE.JS

Target Path:

C:\WINDOWS\TEMP

Module Name:

Threat Prevention

 

My question is how to exclude this so it won't alert on this anymore? I looked into configuration guide and I just dont think exclusions work for me.. 😞

 

Thanks

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center