On-Access Scanner exceptions resetting

I am part of a team developing an application that will run on Windows Server 2012. Our customer's systems are running McAfee Agent version 5.0.5.658. For our application to run, its directory needs to be whitelisted in the On-Access Scanner properties. Every time the machine starts, the whitelist resets and forgets all of our additions. I am not particularly familiar with McAfee and could not find any setting to persist these exceptions. Is there a way to permanently whitelist a directory or prevent the reset from occurring? Any help would be much appreciated.

1 Solution

Accepted Solutions
McAfee Employee jess_arman
Message 6 of 6

Re: On-Access Scanner exceptions resetting

@help_pls_mcafee Even when ePO is unreachable, enforcement will occur at the ASCI time as it will apply the last policy it received from ePO.

In order to avoid this, you would need to have self-protection of the McAfee Agent disabled to be able to disable the McAfee Agent services to forcefully prevent policy enforcement. You would have to disable self-protection via policy from ePO if it's enabled, so as a workaround you could boot into safe-mode, change the start-up type to disabled for McAfee Agent services, and then reboot.

It is not convenient, as it isn't supposed to be for a managed system, since the purpose of management is to have control over the endpoint and prevent it from being tampered with--but it is the one option you have.

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

5 Replies
McAfee Employee chealey
Message 2 of 6

Re: On-Access Scanner exceptions resetting

Are your systems managed by ePO? Exclusions can only be removed if the system is managed by ePO and the exclusions are being applied locally.

If they are ePO managed and you only want exclusions for that one machine, then you can create a separate policy and assign it just to this one machine.

If the system is not ePO managed, then you should not see your exclusions being removed. Where did you add your exclusions?

Re: On-Access Scanner exceptions resetting

The exceptions were added through the On-Access Scanner properties. So on the machine itself, in VirusScan Console, I right-clicked On-Access Scanner -> Properties -> All Processes -> Exclusions. I do not see ePolicy Orchestrator installed anywhere on this machine but do see Policy Auditor Agent, so this machine is being managed by ePO, correct? Is it possible to manage the exclusions from this machine through Policy Auditor Agent alone?

McAfee Employee chealey
Message 4 of 6

Re: On-Access Scanner exceptions resetting

ePO would not be installed on your client machine but would be used to manage the systems. Do you know if this is the case? If not, you can check by right-clicking the agent icon in your task bar and clicking About. Under McAfee Agent you will see the status as managed or unmanaged.

If it is managed then you have ePO and this will mean any local settings will be reverted when the system communicates to ePO. If it is un-managed then your settings are local and by adding entries via the VSE console these should be saved and retained until you change them.

Re: On-Access Scanner exceptions resetting

It is a managed system, but it is not connected to ePO. In the Agent Monitor, it lists failing to communicate with ePO, which is expected because we aren't connected to that network. Is there any way to prevent the policy enforcement, temporarily or otherwise, without going through the ePO?
