cancel
Showing results for 
Search instead for 
Did you mean: 

On-Access Scanner exceptions resetting

Jump to solution

I am part of a team developing an application that will run on Windows Server 2012. Our customer's systems are running McAfee Agent version 5.0.5.658 . For our application to run its directory needs to be whitelisted in the On-Access Scanner properties. Every time the machine starts the whitelist resets and forgets all of our additions. I am not particularly familiar with McAfee and could not find any setting to persist these exceptions. Is there a way to permanently whitelist a directory or prevent the reset from occuring? Any help would be much appreciated.

1 Solution

Accepted Solutions
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: On-Access Scanner exceptions resetting

Jump to solution

@help_pls_mcafee Even when ePO is unreachable, enforcement will occur at the ASCI time as it will apply the last policy it received from ePO.
    In order to avoid this, you would need to have self-protection of the McAfee Agent disabled to be able to disable the McAfee Agent services to forcefully prevent policy enforcement. You would have to disable self-protection via policy from ePO if it's enabled, so as a workaround you could boot into safe-mode, change the start-up type to disabled for McAfee Agent services, and then reboot.
    It is not convenient, as it isn't supposed to be for a managed system, since the purpose of management is to have control over the endpoint and prevent it from being tampered with--but it is the one option you have.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

5 Replies
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: On-Access Scanner exceptions resetting

Jump to solution

Are your systems managed by ePO? Exclusions can only be removed, if the system is managed by ePO and the exclusions are being applied locally.

If they are ePO managed and you only want exclusions for that one machine, then you can create a seperate policy and assign it just to this one machine.

If the system is not ePO managed, then you should not see your exclusions being removed. Where did you add your exclusions?

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: On-Access Scanner exceptions resetting

Jump to solution

The exceptions were added through the on-access scanner properties. So on the machine itself, in VirusScan Console, right clicked On-Access Scanner -> Properties -> All Processes -> Exclusions. I do not see ePolicy Orchestrator installed anywhere on this machine but do see Policy Auditor Agent, so this machine is being managed by ePO correct? Is it possible to manage the exclusions from this machine through Policy Auditor Agent alone?

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: On-Access Scanner exceptions resetting

Jump to solution

ePO would not be installed on your client machine but would be used to manage the systems. Do  you know if this is the case? If not, you can check by right-clicking the agent icon in your task bar and clicking about. Under McAfee Agent you will see the status as managed or unmanaged.

If it is managed then you have ePO and this will mean any local settings will be reverted when the system communicates to ePO. If it is un-managed then your settings are local and by adding entries via the VSE console these should be saved and retained until you change them.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted

Re: On-Access Scanner exceptions resetting

Jump to solution

It is a managed system, but it is not connected to ePO. In the Agent Monitor, it lists failing to communicate with ePO, which is expected because we aren't connected to that network. Is there any way to prevent the policy enforcement, temporarily or otherwise, without going through the ePO?

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: On-Access Scanner exceptions resetting

Jump to solution

@help_pls_mcafee Even when ePO is unreachable, enforcement will occur at the ASCI time as it will apply the last policy it received from ePO.
    In order to avoid this, you would need to have self-protection of the McAfee Agent disabled to be able to disable the McAfee Agent services to forcefully prevent policy enforcement. You would have to disable self-protection via policy from ePO if it's enabled, so as a workaround you could boot into safe-mode, change the start-up type to disabled for McAfee Agent services, and then reboot.
    It is not convenient, as it isn't supposed to be for a managed system, since the purpose of management is to have control over the endpoint and prevent it from being tampered with--but it is the one option you have.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community