cancel
Showing results for 
Search instead for 
Did you mean: 
cahmadh
Level 7
Report Inappropriate Content
Message 1 of 17

MaCafee blocked almost 100 registry values!

Hi,

I have McAfee Enterprise on the server which i recently installed. The issue is i have symantec backup sever and Symantec backup utility is intalled on the server. MaCafee is blocking the utility to take the backup. In the accessprotectionlog its showing that the registry access is blocked.

How i can give registry access to this application as its very important?


Thanks in advance

16 Replies
andydu
Level 7
Report Inappropriate Content
Message 2 of 17

Re: MaCafee blocked almost 100 registry values!

Hello, maybe you should exclude your backup process?

https://kc.mcafee.com/corporate/index?page=content&id=KB67544

cahmadh
Level 7
Report Inappropriate Content
Message 3 of 17

Re: MaCafee blocked almost 100 registry values!

Thanks for replying..actually i dont have ePO 4.5 console installed i believe. I have just installed the antivirus.

Is it comes with the antivirus? if yes how to access this?

Thx

andydu
Level 7
Report Inappropriate Content
Message 4 of 17

Re: MaCafee blocked almost 100 registry values!

it will be easier when you write what DO you have - and not what don't.

Virus Scan Console -> On Access Scanner -> Properties

Greetings

A.

Understanding High-Risk, Low-Risk, and Default processes configuration  and usage:

https://kc.mcafee.com/corporate/index?page=content&id=KB55139

Nachricht geändert durch andydu on 24.03.10 12:55:57 GMT+01:00
Mal09
Level 12
Report Inappropriate Content
Message 5 of 17

Re: MaCafee blocked almost 100 registry values!

Actually, the issue is caused by the "Access Protection", not the scanner.

VirusScan Console, Access Protection.

You will probably need to add in the file name of the Symantec backup to the exemptions list for the rules that are triggering.

cahmadh
Level 7
Report Inappropriate Content
Message 6 of 17

Re: MaCafee blocked almost 100 registry values!

Yes, you are probably right, the option is there. Let me add some inclusion and then see what happens.

Re: MaCafee blocked almost 100 registry values!

Cahmadh,

The exact reason this is hapening is because of the Access protection policy that you have set.

Under the Access protection, Go to the Antivirus Standard Protection :- Prevent registry editor and taskmanager from being disabled. Deselect that option and you will see a lot of Access protection alerts going down in a big way.

Or, If you still want to keep that option active but want the scanner to stop blocking the Symantec Service, Then please exclude that particulat process. Under the On Access Scanner settings. To get a better understanding of how the exclusions work and what kind of high and low processes can be excluded, please take a look ath this Url.

https://kc.mcafee.com/corporate/index?page=content&id=KB66909

Please revert with the update.

Sameer

cahmadh
Level 7
Report Inappropriate Content
Message 8 of 17

Re: MaCafee blocked almost 100 registry values!

Thanks you for your reply, i am still observing the backup. Yesterday backup again failder i am checking the log and will revert back to you.

cahmadh
Level 7
Report Inappropriate Content
Message 9 of 17

Re: MaCafee blocked almost 100 registry values!

Dear Sameer,

There is no tick mark on the Block or Report column under standard protection --> Prevnet registry editor and task manager from being disabled. So i have not set that policy its by default like this...Do you want me to change something in it?

Following are SOME of the accessprotection logs for your reference

3/26/2010    7:45:28 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine ProtectionSmiley Tonguerevent modification of VMWare Workstation files and settings    Action blocked : Write
3/26/2010    11:45:29 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine ProtectionSmiley Tonguerevent modification of VMWare Workstation files and settings    Action blocked : Write
3/27/2010    3:45:29 AM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine ProtectionSmiley Tonguerevent modification of VMWare Workstation files and settings    Action blocked : Write
3/27/2010    7:45:29 AM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine ProtectionSmiley Tonguerevent modification of VMWare Workstation files and settings    Action blocked : Write


Please let me know where i can give access to the above programe. Becaue Symantec backup utility have many processes running i can not give access to everyprocess one by one.


Waiting for you reply. cahmadh

Re: MaCafee blocked almost 100 registry values!

Cahmadh,

Now I know what is going on here.

Please open up the Access Protection and then go to the Vmware and Virtual Machine protection tab. There you will see that be default, All the columns are checked. Please deselect those and test if this stos these alerts and then we will figureout a way to deal this way.

Please let me know what is the outcome.

Sameer