cancel
Showing results for 
Search instead for 
Did you mean: 
shakira
Level 10
Report Inappropriate Content
Message 1 of 3

How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

Long sotry short, I'm not the only one that touches our ePO console. I've noticed many events showing up for a McAfee hips rule that should not be showing up. These events include Files and Executables that have been whitelisted in an exception rule I made for this McAfee rule.

How do I go about ensuring it is on/enabled and also applied to the endpoints? I need to rule this out before I call the events showing up a bigger issuse.

Thanks.

1 Solution

Accepted Solutions

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

One way you can check if the IPS policy is assigned to a system:

1. Go to the system

2. Go into the Regedit

3. HKLM\Software\McAfee\HIP\Config\Settings\Client_PolicyNameIPSRulesList

4. Note the value data for this key. Make sure the name of your policy is listed.

If you see your policy is listed, you might have a bigger issue. One other thing you may want to do is reinstall the McAfee Agent and HIPS before going any further.

2 Replies

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

One way you can check if the IPS policy is assigned to a system:

1. Go to the system

2. Go into the Regedit

3. HKLM\Software\McAfee\HIP\Config\Settings\Client_PolicyNameIPSRulesList

4. Note the value data for this key. Make sure the name of your policy is listed.

If you see your policy is listed, you might have a bigger issue. One other thing you may want to do is reinstall the McAfee Agent and HIPS before going any further.

shakira
Level 10
Report Inappropriate Content
Message 3 of 3

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

Thank greatscott. What ended up being the issue is that exception rules "AND" executables and files (under parameters) together. I needed to split it up into two exception rules for one McAfee rule. One exception rule for the executables, and one for the files.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community