cancel
Showing results for 
Search instead for 
Did you mean: 
shakira
Level 10

How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

Long sotry short, I'm not the only one that touches our ePO console. I've noticed many events showing up for a McAfee hips rule that should not be showing up. These events include Files and Executables that have been whitelisted in an exception rule I made for this McAfee rule.

How do I go about ensuring it is on/enabled and also applied to the endpoints? I need to rule this out before I call the events showing up a bigger issuse.

Thanks.

0 Kudos
1 Solution

Accepted Solutions
greatscott
Level 12

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

One way you can check if the IPS policy is assigned to a system:

1. Go to the system

2. Go into the Regedit

3. HKLM\Software\McAfee\HIP\Config\Settings\Client_PolicyNameIPSRulesList

4. Note the value data for this key. Make sure the name of your policy is listed.

If you see your policy is listed, you might have a bigger issue. One other thing you may want to do is reinstall the McAfee Agent and HIPS before going any further.

0 Kudos
2 Replies
greatscott
Level 12

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

One way you can check if the IPS policy is assigned to a system:

1. Go to the system

2. Go into the Regedit

3. HKLM\Software\McAfee\HIP\Config\Settings\Client_PolicyNameIPSRulesList

4. Note the value data for this key. Make sure the name of your policy is listed.

If you see your policy is listed, you might have a bigger issue. One other thing you may want to do is reinstall the McAfee Agent and HIPS before going any further.

0 Kudos
shakira
Level 10

Re: How do I ensure an exception rule is on, and also applied to endpoints?

Jump to solution

Thank greatscott. What ended up being the issue is that exception rules "AND" executables and files (under parameters) together. I needed to split it up into two exception rules for one McAfee rule. One exception rule for the executables, and one for the files.

0 Kudos