cancel
Showing results for 
Search instead for 
Did you mean: 
eug
Level 7
Report Inappropriate Content
Message 1 of 2

VSE: Add an exclusion to Access Protection Policy

Hi, I have a problem with adding an exclusion to Access Protection Policy for servers.

I try add a process "C:\Program Files\Java\jre7\bin\client\jvm.dll" to exclude list in built-in rule "Prevent svchost executing non-Windows executables"

I've set the following settings for "Servers" (below). I've checked that agent has a "Server" tag. I've pushed policy to an agent.

But, process "C:\Program Files\Java\jre7\bin\client\jvm.dll still generates a lot of detection by this rule. What am I doing wrong?

test.gif

1 Reply
wwarren
Level 15
Report Inappropriate Content
Message 2 of 2

Re: VSE: Add an exclusion to Access Protection Policy

You cannot exclude a DLL.

It is "Processes to exclude" only.

Had a similar conversation recently, but the fact is Access Protection is not as flexible as some folk would like. You are welcome to submit PERs for the desired functionality.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee