cancel
Showing results for 
Search instead for 
Did you mean: 
itjobforme
Level 7

Exclude changes from Windows GPO

This may have already been asked but I can't find it. We notice that HIPS 8.0 is blocking Windows Group Policy on our servers in some cases. Is there a way to make a blanket exclusion to allow any changes that Group Policy tries to make?

0 Kudos
3 Replies
McAfee Employee

Re: Exclude changes from Windows GPO

What process is making changes that HIPS is detecting and blocking?  You'll probably need to create an IPS exception for all signatures and that application.

0 Kudos
itjobforme
Level 7

Re: Exclude changes from Windows GPO

I was afraid of that. I didn't know if there was a way to make Group Policy trusted across the board so that it would just allow all changes made by gpo.

0 Kudos
waynediesel
Level 9

Re: Exclude changes from Windows GPO

I would second what Kary said, you would need to find a process that was making the change on behalf of Group Policy.

I have an example like this in my org where we recently pushed a registry change via GP to all endpoints with WScript.exe. There is most likely a system event log that will show where a change. I actually found this out through a VSE threat event tell ing me that an Access Protection policy that I had in report mode only was violated. When I asked about it I learned that it was done via GP.

0 Kudos