I have a lot of alerts generated by AP and I am not sure where to start. For example, McAfee blocking its own processes. I read that when you check in new extensions to ePO, the exceptions will be entered into policies. This doesn’t seem to be the case. Is there a list of the exceptions that I should have? Do I have to enter them manually? If yes, can I do it on the fly?
How to proceed will have mostly to do with what rule(s) are violated.
Keep in mind that once a rule is modified (add exclusions) it becomes a self-managed custom rule.
Otherwise adding exclusions to AP is common.
See KB73080 - this article should get you through this.
If you have more questions, look in the AP log.
In the Run line:
%deflogdir% locate accessprotection.log
Provide a copy of the log entries for the rules being violated.
This is a major pain. Can I add these exclusions afterwards on the fly without breaking anything? I am getting a lot of
C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE
Common Standard Protection:Prevent termination of McAfee processes
Topic is covered in KB84015
Before excluding anything the behavior needs to be understood.