cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_B
Level 11
Report Inappropriate Content
Message 11 of 12

Re: Hyper-V host Exclusions

Jump to solution

Wow, that was a super swift response, thanks!

So, my old boss was correct in what he said when he was explaining about how low-risk processes work then! Awesome, thanks for the clarification on this much-debated topic.

Nick

Nick_B
Level 11
Report Inappropriate Content
Message 12 of 12

Re: Hyper-V host Exclusions

Jump to solution

Hi guys,

One more question, gents.

What would mitigate the situation whereby a malicious process attempts to spoof or mimic another process?

So for example, you have added vmms.exe as a low-risk process and have added it to the relevant OAS low-risk processes policy with no exclusions defined, in other words that process has free rein over any activity.

Then, subsequently a malicious process pretends to be vmms.exe and attempts to wreak havoc?

How far would such a process likely get and what can be done to mitigate against this, assuming we have VSE only, no HIPS or ENS?

FYI - the following VSE AP Rules are all disabled in the customer's environment:

  • Prevent common programs from running files from the Temp folder
  • Prevent svchost executing non-Windows executables
  • Prevent programs registering to autorun
  • Prevent Windows Process spoofing (Anti-virus Standard Protection: Prevent Windows Process spoofing)

Thanks,

Nick

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community