I want to run a crypto currency mining programme on my computer (windows 10):
endpoint's on-access scan reports the programme as a "critical" severity.
In the "on-access scan" advanced settings I only see the option to add exclusions for standard/high/low risk.
How can I add an exclusion for "critical"?
Alternatively, can I downgrade the risk of NsCpuCNMiner64.exe to a lower level?
Log is :
3/27/2018 5:47:13 PM mfetp(7700.8536) <SYSTEM> oasbl.OAS.Activity: Additional information:
3/27/2018 5:47:13 PM mfetp(7700.8536) <SYSTEM> oasbl.OAS.Activity: Primary Action: Clean
3/27/2018 5:47:13 PM mfetp(7700.8536) <SYSTEM> oasbl.OAS.Activity: Secondary Action: Delete
3/27/2018 5:47:13 PM mfetp(7700.8536) <SYSTEM> oasbl.OAS.Activity: Event ID: 1027
3/27/2018 5:52:32 PM mfetp(7700.8536) <SYSTEM> oasbl.OAS.Activity: ANONYMIZED\ANONYMIZED ran C:\Windows\System32\cmd.exe, which attempted to access C:\Users\matthieuh\Documents\testing\Claymore CryptoNote CPU Miner v3.8 - POOL\NsCpuCNMiner64.exe. The potentially unwanted program named W64/CoinMiner was detected and deleted.
But this is not relevant to my question.
I know Endpoint blocks NsCpuCNMiner64 but I want to run that program anyway. I don't care what Endpoint thinks of NsCpuCNMiner64. I make the conscious decision to use that programme and Endpoint should let me run it.
Please follow the below steps.
1.Endpoint Security Threat Prevention : Policy Category > On-Access Scan > My Default
Add the process in exclusion
Overwrite exclusions configured on the client
The policy here will be the policy applied to the machine. The exclusion can be tested locally as well.
Please let us know if it succeeds.
before I can add an exclusion, I need to select a process type.
I have 3 options:
Standard, high risk and Low Risk. but my software is categorized as "critical".
I already added an exclusion in all three process type and it expectely didn't work.
I need a 4th process type: critical.
Can you please try to uncheck the options-
Detect unwanted program.
Detect unknown threat programs
And there is one more option you can add exclusion by detetcion name.
And then try and then share the results.
that could not possibly work (and it didn't)
"Detect unwanted program" and "Detect unknown threat programs" are process type specific settings.
The problem is that McAfee qualifies the programme as a "Critical" process type. But all the settings can only be used and changed for standard, high, low process types
The only way to run my program, so far, has been to disable on access scan.But that's a bad solution.
It's very annoying that mcafee doesn't let me make my own decision to run a specific programme.
I don't care whether mcafee think it's a threat or not. I know the risk and I make the informed decision to use that programme.. mcafee can warn me but it should not override my decision.
mcafee ought to offer exclusion list for all process types:
standard, high, low and critical
Assuming ENS works the same way as VSE...
When adding process exclusions, you setup 3 different scanning policy's based on High, Standard, Low risk level... So basically if you trust a process & do not want to scan anything it accesses, then you classify that as a Low risk & would set your Low risk policy to not scan on read or write...
BUT... for what i believe you are trying to achieve (i.e. don't have the .exe itself picked up as malicious) you just need to add a file exclusion for the exe file (or the directory it is running from if you like).
thanks for your input, your solution is what I tried the first time. but it doesn't work.
It seems that mcafee consider this file as a critical threat. Therefore, all the setting (exclusions...) that you can set for standard, high and low do not apply to a critical threat.
I tried other mining programme and Mcafee consistently assume they are critical threat.
This is so annoying that Mcafee takes decision on my behalf without my consent.
I can perfectly understand that many malware use the same mining programme to their own benefit but they are also many people who mining software for their own benefit too.
Anyway, I've spent too much time on this and I will get rid of Mcafee asap. I'll try other solution (I tried AVG and it did let me create an exception for my mining programme)
Thanks to all for trying to help