
how modify policy for ENS for linux from ePO

Problem still exists:

/opt/isec/ens/threatprevention/bin/isecav --getallaprules
---------------------------------------------------------------------------------------------------------------------------------------------------------
|Index Rule Name Block Status Report Status Origin |
---------------------------------------------------------------------------------------------------------------------------------------------------------
|1 IDS_AP_RULE_PREVENT_WRITE_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|2 IDS_AP_RULE_PREVENT_MODIFICATION_PASSWORDFILES_LINUX Enabled Enabled McAfee-defined |
|3 IDS_AP_RULE_PREVENT_READ_WRITE_DELETE_RENAME_HARDLINK_PERMISSION_OWNERSHIP_VMWARE_DEVICES_LINUX Disabled Enabled McAfee-defined |
|4 IDS_AP_RULE_PREVENT_CREATE_DELETE_RENAME_HARDLINK_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|5 IDS_AP_RULE_PREVENT_WRITE_DELETE_RENAME_HARDLINK_PERMISSION_OWNERSHIP_VMWARE_CONFIGFILES_LINUX Disabled Enabled McAfee-defined |
|6 IDS_AP_RULE_PREVENT_PERMISSION_OWNERSHIP_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|7 IDS_AP_RULE_PREVENT_CREATION_LINK_SYSTEMFILES_LINUX Disabled Disabled McAfee-defined |
---------------------------------------------------------------------------------------------------------------------------------------------------------

# docker pull cplsvdgs-dockerhub.zd.if.atcsg.net:5000/tesseract-service-opc-ua:latest
latest: Pulling from tesseract-service-opc-ua
f476d66f5408: Extracting 37.21MB/37.21MB
8882c27f669e: Download complete
d9af21273955: Download complete
f5029279ec12: Download complete
4a74e122f811: Download complete
316d00b0f915: Download complete
31b02a56401e: Download complete
35e701e4f110: Download complete
afe125c9b233: Download complete
b9abee5a056a: Download complete
ac437e7c4fd6: Download complete
35736ae1c1a0: Download complete
5d4036f4cc48: Download complete
d1568e3f647d: Download complete
57ece4ef9034: Download complete
faffda0cfa70: Download complete
failed to register layer: Error processing tar file(exit status 1): open /etc/passwd: permission denied

When I stop McAfee it works.

We have the KB article for disabling the Access Protection rule locally on the ENS for Linux console.

However, is there a way to do the same remotely from ePO?

We have ePO 5.9.1 and the ENS for Linux help extension installed as well.
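
Added example (not part of the original post, and not McAfee's tooling): a small shell parser for the `--getallaprules` table pasted above, listing which rules are in blocking mode and which neither block nor report. It assumes the column layout shown in this thread; the sample rows are copied from that output and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Audit ENS for Linux Access Protection rule states from the table printed by
# `isecav --getallaprules`. Assumed row layout (as pasted in this thread):
#   |Index RuleName BlockStatus ReportStatus Origin |

# Constructed sample: three rows copied from the thread's output.
sample_output() {
cat <<'EOF'
--------------------------------------------------
|Index Rule Name Block Status Report Status Origin |
--------------------------------------------------
|1 IDS_AP_RULE_PREVENT_WRITE_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|2 IDS_AP_RULE_PREVENT_MODIFICATION_PASSWORDFILES_LINUX Enabled Enabled McAfee-defined |
|7 IDS_AP_RULE_PREVENT_CREATION_LINK_SYSTEMFILES_LINUX Disabled Disabled McAfee-defined |
EOF
}

# Read the table on stdin; print "index name block report" for each rule row.
# Header and separator lines are skipped because their first field is not numeric.
parse_ap_rules() {
  awk '{
    line = $0
    sub(/^[ \t]*[|][ \t]*/, "", line)   # drop the leading table border
    sub(/[ \t]*[|][ \t]*$/, "", line)   # drop the trailing table border
    n = split(line, f, /[ \t]+/)
    if (n >= 4 && f[1] ~ /^[0-9]+$/) print f[1], f[2], f[3], f[4]
  }'
}

# Rules that actively deny the operation (Block Status = Enabled).
blocking_rules() {
  parse_ap_rules | awk '$3 == "Enabled" { print $1, $2 }'
}

# Rules that neither block nor report, i.e. give no visibility at all.
silent_rules() {
  parse_ap_rules | awk '$3 == "Disabled" && $4 == "Disabled" { print $1, $2 }'
}

# Demo on the constructed sample.
echo "Blocking:"; sample_output | blocking_rules
echo "Silent:";   sample_output | silent_rules
```

On a host, pipe the real command into the function, e.g. `/opt/isec/ens/threatprevention/bin/isecav --getallaprules | blocking_rules`. In the pasted output the only rule in blocking mode is the password-file rule, which is consistent with the `/etc/passwd` permission error from `docker pull`.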

3 Replies

Re: how modify policy for ENS for linux from ePO

Team,

Can someone please assist by sharing some information for this query?

McAfee Employee chealey

Re: how modify policy for ENS for linux from ePO

Within ePO you should see the Endpoint Security Policies. One of these is called "Access Protection". This is where you can make modifications to which rules are active or even if the whole module is enabled.


Re: how modify policy for ENS for linux from ePO

Hi Chealey,

Thank you for responding to this post.

I have checked, and the Access Protection Policies only allow me to add a new policy and mention the path for exclusion or blocking.

I need to know: if we are seeing the below policies locally on the ENS console, are we not able to see the same policies from the ePO console, so that we can enable or disable these policies from the ePO console rather than doing the same locally?

 

|1 IDS_AP_RULE_PREVENT_WRITE_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|2 IDS_AP_RULE_PREVENT_MODIFICATION_PASSWORDFILES_LINUX Enabled Enabled McAfee-defined |
|3 IDS_AP_RULE_PREVENT_READ_WRITE_DELETE_RENAME_HARDLINK_PERMISSION_OWNERSHIP_VMWARE_DEVICES_LINUX Disabled Enabled McAfee-defined |
|4 IDS_AP_RULE_PREVENT_CREATE_DELETE_RENAME_HARDLINK_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
|5 IDS_AP_RULE_PREVENT_WRITE_DELETE_RENAME_HARDLINK_PERMISSION_OWNERSHIP_VMWARE_CONFIGFILES_LINUX Disabled Enabled McAfee-defined |
|6 IDS_AP_RULE_PREVENT_PERMISSION_OWNERSHIP_STARTUPFILES_LINUX Disabled Enabled McAfee-defined |
