Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 4



i have a lot of alerts generated by AP and i am not sure where to start. For example McAfee blocking its own processes. I read that when you check in new extensions to ePO, the exceptions will be enetered into policies. This doesn’t seem to be the case. Is there a list of the exceptions that I should have? Do I have to enter them manually? If yes can I do on fly?


3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: alerts


 How to proceed will have mostly to do with what rule(s) are violated. 
Keep in mind that once a rule is modified (add exclusions) it becomes a self-managed custom rule.  
Otherwise adding exclusions to AP is common.
See KB73080 - It article should get you through this.

If you have more question look in the AP log
In Run line:
%deflogdir% locate accessprotection.log
provide copy of log entries for the rules being violated.

Level 7
Report Inappropriate Content
Message 3 of 4

Re: alerts


This is  major pain. Can I add these exclusions after on a fly withou breakign anythong.  am getting a lot of



Common Standard Protection:Prevent termination of McAfee processes


Thank you

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: alerts

Topic is covered in KB84015

Before excluding anything the behavior needs to be understood. 


A service running within SvcHost.exe or a third-party process is accessing and enumerating the running processes with a permission set that allows it to terminate processes, though it might not actually be attempting to terminate processes. 

Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process. There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

Some third-party applications enumerate processes with the privilege to terminate processes. This can cause the rule to be triggered many times per minute, depending on the application.


This is expected behavior, and VSE is working as designed.

The rule is triggered because it is a self-protection rule, and it acts as a security measure to avoid any third-party applications or malware from disabling VSE protection.

Contact Microsoft if further root cause or information is required
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community