I'm seeing blocks within the Access Protection log for items which I have excluded (by creating rules, and adding exceptions) from being blocked. Many of these are McAfee related items need for various McAfee point products to work properly.
Configured exclusion is applied for workstation or server ?..Check the flavor of O.S and then validate your configured exclusion policies accordingly..
That's trickier to do. Because they're configured on an ePO server, when I look at them on the local clients, the boxes are grayed out. Because the lists of exceptions are so long, you'd need to scroll to see them all. But the box is grayed out, so I can't scroll to locally verify. Also, the items being blocked are McAfee related executables. Shouldn't these be automatically allowed by default?
"....Because the lists of exceptions are so long, you'd need to scroll to see them all. But the box is grayed out, so I can't scroll to locally verify...." Sounds like the Console is locked; under tools <> Unlock User Interface. If you don't have the password to unlock the Console; perhaps reach out to your ePO Administrator and send them the access protection logs.
I made the ePO administrator aware already. He also does not understand why whitelisted McAfee items are being blocked.
Map the access protection alert to an exclusion; then review that particular policy exclusion on the ePO server. If it matches at the ePO server level, then review on the client; if that matches then post the particular policy exclusion and the access protection alert.