
McAfee Endpoint security - File deletion issues


I developed an installation package for a freeware product which includes SQL Server 2014 databases. Some of our customers are using McAfee Endpoint Security. It contains the following rule:

"Deleting files commonly targeted by ransomware-class malware"

Our installation package needs to remove the temporary files created by the setup and the freeware product. Due to the above rule, cleanup failed and setup was blocked by McAfee.

We are getting many complaints from the market, and they cannot use the installer to upgrade the product.

Could you please guide us on the procedure that should be followed by us in the installer to safely delete our own files?



3 Replies
McAfee Employee dvarnell

Re: McAfee Endpoint security - File deletion issues


The "Deleting files commonly targeted by ransomware-class malware" rule is one which is not enabled by default policies; however, monitoring for this rule (once it is enabled) is triggered (again, with default settings) when the parent process has a reputation that says it "Might be Malicious."

Endpoint Security Adaptive Threat Protection Product Guide

The bottom of page 49 goes into this a bit, if you want to take a look.


What I would recommend in this scenario is to check out KB85568 to see how to submit your software for whitelisting.

Reliable Contributor ninov_n

Re: McAfee Endpoint security - File deletion issues


I would suggest that you run the GetSusp tool on a machine with the installer package in place:

It will show you if heuristics gets it as a suspicious file or unknown for GTI.

Also, it would be good to submit it as a false positive with McAfee Labs to prevent future detections:

Otherwise, you can go on and add an ATP policy exclusion on all machines where you have this issue, similar to the one below, or simply disable that DAC rule temporarily:

[Screenshot: DAC exclusion]



Re: McAfee Endpoint security - File deletion issues

Thank you for the tool details. I will check this out and get back to you ASAP.