Showing results for 
Search instead for 
Did you mean: 

Change to On-Access Default Processes Policies not taking effect...

I hope this is a simple question, or I just messed something up:

We're running ePO 4 and we just finally decided that we wanted to define high and low risk processes for workstations like we do for servers. So I went into the workstation section of this policy and made the switch, then I went in and populated some low risk processes, saved the policy, updated a client machine with the new policies, and fired up the console.

What I expected to see is the same thing I see on the server end - General Settings, Default Processes, Low-Risk Processes, and High-Risk Processes. What I see is General Settings, and All Processes. So here's my question...

Am I supposed to be seeing the same screen as the server side, or are the buttons just different for workstations? If I click on All Processes on the workstation, the radio button says "Use the settings on these tabs for all processes", which doesn't seem right, so when I click on "Use different settings for high-risk and low-risk processes", I see all of the entries and exclusions that I stuck into the policy.

What in the hell am I doing wrong here?
4 Replies

RE: Change to On-Access Default Processes Policies not taking effect...

Sorry for the thread resurrection but we are having exactly the same problem, and this saves me explaining it all again!

Using epo4, agent 4.0.1444, VirusScan 8.5i

Any suggestions?

RE: Change to On-Access Default Processes Policies not taking effect...

You're not going to like what I have to tell you. In our case, it was policy corruption.We submitted our database to McAfee and we're still dealing with them trying to find a way to clean out the corruption - short of just recreating all of the policies.

In our case the corruption was causing the policy to not take effect when it was applied at the highest level container (My Organization). I created a new policy and if you applied it lower in the tree, it worked like a charm. There was just something about that policy being enforced at the top level of the tree that caused the corruption and nothing to be applied properly.

So in our tree it basically went like this:
My Organization --> City Location --> and then sub categories for servers, laptops, and desktops.

Create a new policy and apply it at the "City Location" folder level, or whatever the equivelant is in your environment, and check your machines and see if they're getting the right exclusions. If it works, then try doing it at the top level "My Organization" and add a new exlusion just to make it slightly different, check for new policies on your hosts and see if they get the same information or if it gets the updates. If it doesn't, you probably have the same problem we have and you'll have to get engineering involved. If you do have the same problem, reply back and I'll give you our case number so they have a history to review.

RE: Change to On-Access Default Processes Policies not taking effect...

Thanks for the reply, it looks like we have the same issue. Not a huge deal to fix, I have just had to turn off inheritance at each level under My Organization, and apply the same default process policy at that node instead.

RE: Change to On-Access Default Processes Policies not taking effect...

Please, please, please open a ticket and let McAfee know about this. It will really help them if they know that I'm not the only customer having this problem - there's no telling how many others have had or will have this issue as well. Even if you have a work around enabled, you still have policy corruption and it's probably a good idea to get that resolved. Our case number is 3-606864675.