I have started to use the McAfee default rules and am instantly getting hundreds of alerts from multiple machines, triggered by:
Common Standard Protection:Prevent common programs from running files from the Temp folder
Source Process Name: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
Target File Name: C:\Users\USERNAME\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\4QT06WEU\CHOSEN.CSS (multiple files not just this one!!!)
If this is a default setting how can it trigger so many alerts from such a common application? I do not want to exclude IEXPLORE.EXE but surely just turning the rule off is not an option.
Surely there must be a way to sort this out !!!!!
We have got Sophos doing a demo soon and I think we will be looking at moving ASAP due to massive problems with McAfee !!!
ANY HELP WOULD BE APPRECIATED
If you are having massive problems with McAfee, I suggest contacting Support for assistance in solving the massive problems.
If you mean the behavior you described is a massive problem, then you misunderstand the purpose of the feature.
The Access Protection rules that exist by default are not all enabled by default, for good reason - reason which you have discovered. Not all environments will be able to use all the rules.
Nothing is preventing you from using the feature to create your own rules, if you had some behavior in mind you wished to block or report on.
Which VSE version are you using? And this AP rule defaults to "report only", so there is no security reduction if you disable this rule temporarily.
What is the point of basic defaults that block a common program like Internet Explorer? I cannot see the point of having a rule that just reports anyway.
This is not the first problem I have had with McAfee, just one in a long line of things. I recently put a patch on my users and it started to ignore the "processes to exclude" part !!! It took McAfee days to get back to me about it, and they just told me to update the agent with an update that was just released !! Just a couple of weeks ago McAfee let Cryptoblocker through, major pain !!!!
Rant over !!!
McAfee products always need customization to the specific environment, due to the vast amount of features and settings. So if you don't need to know which processes execute files from %temp%, just disable the AP rule...
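
A triage sketch for the situation in this thread, added here as an example and not taken from any poster or from McAfee: it groups report-only alerts by source process, normalised target folder and file type, so you can see whether the rule is firing on passive browser-cache content or on executable files before choosing between disabling it and writing a narrower custom rule. The alert text is constructed from the two field labels quoted in the first post; the extension list and all function names are assumptions.

```python
import re
from collections import Counter
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample alerts; only the two field labels come from the thread.
SAMPLE = r"""
Source Process Name: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
Target File Name: C:\Users\USERNAME\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\4QT06WEU\CHOSEN.CSS
Source Process Name: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE
Target File Name: C:\Users\BOB\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\K2ZX91AB\SITE.CSS
Source Process Name: C:\PROGRAM FILES\EXAMPLEAPP\EXAMPLEAPP.EXE
Target File Name: C:\Users\BOB\AppData\Local\Temp\SETUP.EXE
"""

# Assumption: file types your own policy treats as executable content.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}

def parse_alerts(text):
    """Return (source_process, target_file) pairs from 'Label: value' lines."""
    alerts, source = [], None
    for line in text.splitlines():
        label, _, value = line.partition(":")  # split at the first colon only
        label, value = label.strip().lower(), value.strip()
        if label == "source process name":
            source = value
        elif label == "target file name" and source:
            alerts.append((source, value))
            source = None
    return alerts

def normalise(path):
    """Collapse per-user and per-cache-folder parts so identical noise groups together."""
    p = path.upper()
    p = re.sub(r"\\USERS\\[^\\]+", r"\\USERS\\<USER>", p)
    return re.sub(r"\\CONTENT\.IE5\\[^\\]+", r"\\CONTENT.IE5\\<CACHE>", p)

def triage(text):
    """Count alerts per (process, normalised folder, extension, kind)."""
    groups = Counter()
    for source, target in parse_alerts(text):
        folder, _, name = normalise(target).rpartition("\\")
        ext = splitext(name)[1].lower()
        kind = "executable" if ext in EXECUTABLE_EXT else "passive"
        groups[(basename(source).upper(), folder, ext, kind)] += 1
    return groups

if __name__ == "__main__":
    for (proc, folder, ext, kind), n in triage(SAMPLE).most_common():
        print(f"{n:4d}  {kind:10s} {proc:16s} {ext:5s} {folder}")
```

Groups that are large and entirely "passive" are candidates for tuning; groups marked "executable" are the ones the report-only data is worth keeping for.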