cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 9

Default McAfee Policy

Jump to solution

Does anyone know how to remove/delete the "Default McAfee Policy" within ePO?  Or better yet, allow for a new policy to trump the "Default McAfee Policy" globally?

Some of the documentation that I have read states that the initial install of VSE will receive the "Default McAfee Policy" even if you have a custom policy set.  I would like to change that to receive a custom policy vs the default policy.  I kinda suspect that it has to be done via MID but not positive.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
1 Solution

Accepted Solutions
ulyses31
Level 16
Report Inappropriate Content
Message 3 of 9

Re: Default McAfee Policy

Jump to solution

Hi lakshmanans, tao is talking about the McAfee Global Root policies that can only be viewed or duplicated but not edited and are assigned at the global root of the system tree

By default these policies cannot be modified, perhaps by some config files but not through epo console

View solution in original post

8 Replies

Re: Default McAfee Policy

Jump to solution

Dear TAO,

Could you tell me which Default policy that your going to modifiy . Basicall McAfee has its default policies like Access protection policies, McAfee agent policeis etc but we can be able to edit those policies and we can assign to the appropriate groups which you wants to assign .....

ulyses31
Level 16
Report Inappropriate Content
Message 3 of 9

Re: Default McAfee Policy

Jump to solution

Hi lakshmanans, tao is talking about the McAfee Global Root policies that can only be viewed or duplicated but not edited and are assigned at the global root of the system tree

By default these policies cannot be modified, perhaps by some config files but not through epo console

View solution in original post

Re: Default McAfee Policy

Jump to solution

Thank U Ulyses

GGB667
Level 8
Report Inappropriate Content
Message 5 of 9

Re: Default McAfee Policy

Jump to solution
I also want to create a single rule and not have my one rule policy polluted by other "default" elements.
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Default McAfee Policy

Jump to solution

Rule for what product?  Any new product that is installed will get the default policies for that product that are configured as if a stand-alone install, unmanaged.  For most policies, there isn't much set, with the exception of firewall to allow agent communication to epo.  VSE has a way to create a package with a pre-defined policy (McAfee installation designer), but for other products, you would need to check with that team to see if that option is available.  The only thing we can recommend is to have desired policies in place, assigned to the systems before deploying products.  When a new product is installed, the agent will report back to epo the new properties and will then get new policies at that time.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

RMFN00B
Level 8
Report Inappropriate Content
Message 7 of 9

Re: Default McAfee Policy

Jump to solution

I'm also having this problem. I work in an environment that is going to require hand tailored policies for each module within HBSS v5.10. After building my system tree out and then hand tailoring some policies I went back into my system tree and found the McAfee default policy assigned to every group within my tree. I went to the top level (My Organization) and broke the inheritance on all of them and selected the ability to stop the policies from being assigned to any groups below the top level but all of my groups in my system tree are still showing the default policy assigned for each module.

   Some of these policies will break some of the services this network will be hosting due to specialized applications. I need to remove the policy assignments but I don't see a way to do that. My next idea was to export all my clients side tasks for each group and then delete those groups within my system tree after ensuring I have broken the inheritance on all the policy assignments first. I'm hoping that once I delete the groups and recreate them with no policy being inherited this might stop the default policy assignments from automatically being assigned. Is this a good way to do it or am I missing something from the "edit Assignment" menu? 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 9

Re: Default McAfee Policy

Jump to solution

At my organization, you would apply the desired policy for your organization.  If you are using VSE, you can use MID to create a custom package with the desired policy settings.  Those will be active until agent talks to epo and gets an assigned policy.

If using ENS, I believe they also have a package designer to create a custom package with desired policy settings.

If clients are not getting the right policy once they check in, you need to ensure first that policy enforcement is enabled under the policy assignment tab, and you shouldn't have to break inheritance at group levels unless you are assigning different policies than global root.  You can select a system, go to actions, directory, and view applied policies to see which policies the client is actually using.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

RMFN00B
Level 8
Report Inappropriate Content
Message 9 of 9

Re: Default McAfee Policy

Jump to solution

Sorry for the late response. I actually found my issue shortly after posting. I didn't notice at first but at one specific portion of my system tree I had locked the policies which forced them to apply to the branch and all subbranches. That's why I couldn't un-assign the default policies. I got this worked out but thank you.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community