cancel
Showing results for 
Search instead for 
Did you mean: 

IPS Signature 6051

In VSE there is a AP Rule to prevent Hooking of McAfee Process. That rules transitions to IPS signature 6051. There is no documentation on 6051 and usage. Is there any documentation on 6051? Does 6010 and 6011 replace 6051 or should be used in place of 6051?

Should any exceptions be made for 6051. Example I have Bigfix continuously tripping 6051.

2 Replies
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: IPS Signature 6051

Sig 6051 performs the similar functionality as the VSE Access Protection rule.  There is no further documentation on it.  The description you see in the Signature details is "This signature prevents McAfee processes from being hooked."

It is separate functionality from Sig 6010/6011, which are the app white listing signatures.

Sig 6051 exceptions will allow 3rd party applications to hook McAfee processes, which might cause issues (I don't have any specific examples though; testing would need to be performed in your environment; Sig 6051 is DISABLED by default as well).  See if Bigfix has a way to prevent hooking (or some type of exclusion rules) of McAfee processes to alleviate the signature events.

Highlighted

Re: IPS Signature 6051

All 33 HIPs AP rules are disabled by default. If you want HIPS to do the AP vs VSE you have to enable. HIPS 6051 triggers a lot more than the same rule in VSE.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community