cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

HIPS Blocking Teams.EXE for Signature 7066, exceptions not working

Jump to solution

When Installing Microsoft Teams Hips is triggered for signature 7066. I attempted to create an exception from the Threat Event, but HIPs still blocks it. Teams.exe triggers 7066, "Prevent Common Executable's From Running In User Profile Folder."

I have even tried adding Teams.exe in the Trust Applications Policy, but it still blocks it. When I turn HIPs off, it works just fine. So I am confused as to why a rule created from the threat event does not even work. Something seems to be triggering that is not being recorded in the event.

Thank you in advance for any advise.

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: HIPS Blocking Teams.EXE for Signature 7066, exceptions not working

Jump to solution

Signature 7066 is a custom signature (not a McAfee default signature), so if you have a concern about the signature itself, you would need to contact your internal team that created the signature.

In regards, to the IPS exception issue you're asking about, I think it would be best to open a Service Request with McAfee Support to further discuss the specifics so that the event and exception details are not on public display.  I suspect it's just a configuration issue with the IPS exception (compared to the IPS event details).

View solution in original post

1 Reply
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: HIPS Blocking Teams.EXE for Signature 7066, exceptions not working

Jump to solution

Signature 7066 is a custom signature (not a McAfee default signature), so if you have a concern about the signature itself, you would need to contact your internal team that created the signature.

In regards, to the IPS exception issue you're asking about, I think it would be best to open a Service Request with McAfee Support to further discuss the specifics so that the event and exception details are not on public display.  I suspect it's just a configuration issue with the IPS exception (compared to the IPS event details).

View solution in original post

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community