I have a lot of alerts generated by AP and I am not sure where to start. For example, McAfee blocking its own processes. I read that when you check in new extensions to ePO, the exceptions will be entered into policies. This doesn’t seem to be the case. Is there a list of the exceptions that I should have? Do I have to enter them manually? If yes, can I do it on the fly?
How to proceed will have mostly to do with what rule(s) are violated.
Keep in mind that once a rule is modified (add exclusions) it becomes a self-managed custom rule.
Otherwise adding exclusions to AP is common.
See KB73080 - this article should get you through this.
If you have more questions, look in the AP log.
In Run line:
%deflogdir% locate accessprotection.log
Provide a copy of the log entries for the rules being violated.
This is a major pain. Can I add these exclusions after, on the fly, without breaking anything? I am getting a lot of
C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE
Common Standard Protection:Prevent termination of McAfee processes
Topic is covered in KB84015
Before excluding anything the behavior needs to be understood.