cancel
Showing results for 
Search instead for 
Did you mean: 
noobav
Level 7
Report Inappropriate Content
Message 1 of 5

Access protection user-defined rule doesnt work !

Whilst trying to get access protection user defined rules working and finding them removed by my Epo agent i then removed the epo agent from my computer with frminst.exe /remove=agent

But the rules still dont work. For example when i add a user defined rule to stop files from running from USB drives like e:\*.* The rule works once but when i reboot or remove and add the USB again the rule although still present in the console doesnt work.

Is it because something is left over from the Epo Agent ?

is there some registry setting i can change ?

im using 8.5i with patch 7

Thanks
4 Replies
tonyb99
Level 13
Report Inappropriate Content
Message 2 of 5

RE: Access protection user-defined rule doesnt work !

so you have broken your AV installation by removing the agent so you will no longer get updates/patches/DATs?

are you just trying to prevent autoruns from devices?

if so what os are you running as you do this with the OS not VSE
noobav
Level 7
Report Inappropriate Content
Message 3 of 5

RE: Access protection user-defined rule doesnt work !

I realise I've probably done something stupid but what happened was we had virusscan 8 and updates stopped working so epo agent was installed to update the package to 8.5 but it wiped out the local user-defined rules i had.

so thats why i unistalled the agent (i thought it could be uninstalled without breaking av), i have now reinstalled the updater part with frmpkg /install=updater

I want updates i just dont want epo rules overriding rules i create on my machine.

I'm running xp sp2

so basically the rule i created was e:\***.swf now no longer works after the agent upgraded me to 8.5i.

its to stop swf files running from USB.
tonyb99
Level 13
Report Inappropriate Content
Message 4 of 5

RE: Access protection user-defined rule doesnt work !

The epo policies will override any local policies unless this has been switched off from the epo console for the machine.

Have you tried asking the epo admin for an e drive rule?
noobav
Level 7
Report Inappropriate Content
Message 5 of 5

RE: Access protection user-defined rule doesnt work !

Thanks for your help on this Tony i know you are right i just didnt want to trouble the epo admin although i am pretty sure uninstalling the agent now prevents policies from overriding what i do locally, as without the agent av cant talk to the their epo server anymore and have stuff wiped out every 5 minutes or whatever it is. Only trouble is now access protection user defined rules dont work properly.

the main reason i didnt want to trouble them is because i didnt know whether they could add an e rule just for me and certain workstations at my site. As against adding it to all the other sites they send the policies down to ?

i know they are very busy as well and i wanted a quick fix really but i suppose the quick and easy path leads to the darkside eh ?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator