In VSE there is a AP Rule to prevent Hooking of McAfee Process. That rules transitions to IPS signature 6051. There is no documentation on 6051 and usage. Is there any documentation on 6051? Does 6010 and 6011 replace 6051 or should be used in place of 6051?
Should any exceptions be made for 6051. Example I have Bigfix continuously tripping 6051.
Sig 6051 performs the similar functionality as the VSE Access Protection rule. There is no further documentation on it. The description you see in the Signature details is "This signature prevents McAfee processes from being hooked."
It is separate functionality from Sig 6010/6011, which are the app white listing signatures.
Sig 6051 exceptions will allow 3rd party applications to hook McAfee processes, which might cause issues (I don't have any specific examples though; testing would need to be performed in your environment; Sig 6051 is DISABLED by default as well). See if Bigfix has a way to prevent hooking (or some type of exclusion rules) of McAfee processes to alleviate the signature events.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.