Long sotry short, I'm not the only one that touches our ePO console. I've noticed many events showing up for a McAfee hips rule that should not be showing up. These events include Files and Executables that have been whitelisted in an exception rule I made for this McAfee rule.
How do I go about ensuring it is on/enabled and also applied to the endpoints? I need to rule this out before I call the events showing up a bigger issuse.
Thank greatscott. What ended up being the issue is that exception rules "AND" executables and files (under parameters) together. I needed to split it up into two exception rules for one McAfee rule. One exception rule for the executables, and one for the files.