Showing results for 
Search instead for 
Did you mean: 

ePO ENS Endpoint Security Threat Prevention CSCRIPT.EXE exclusion


We recently migrated from VSE 8.8 to ENS 10.5.3 and now I am getting thousands of false positives such as: 

NT AUTHORITY\SYSTEM ran CSCRIPT.EXE, which tried to access C:\WINDOWS\TEMP, violating the rule "Executing scripts by Windows script host (CScript.exe or Wscript.exe) from common user folders", and was blocked. For information on how to respond to this event, see KB85494.

Source File Path:


Target Hash:


Target Name:


Target Path:


Module Name:

Threat Prevention


My question is how to exclude this so it won't alert on this anymore? I looked into configuration guide and I just dont think exclusions work for me.. Smiley Sad



McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.