Help with policy exclusion

Running ENS 10.6.1 with ePO 5.10.

I have a server that collects and stores uploaded video.  I connect to that server via browsers from client machines to view video. When we try to export the video (download to local computer or burn to disc), we get a violation of an Access Protection Rule:

NT AUTHORITY\SYSTEM ran SYSTEM:REMOTE, which tried to access W:\(path)\autorun.inf, violating the rule "Remotely creating autorun files" and was blocked.

If I disable the rule regarding "remotely creating autorun files" under Access Protection, then I can export video from my clients.

I've tried everything I can think of for file exclusions inside that rule, and I cannot get it to work without the rule disabled.  Can anyone provide any assistance?

Thanks

1 Solution

Accepted Solutions
McAfee Employee cdinet
Message 2 of 4

Re: Help with policy exclusion

Unfortunately, when the process listed is system:remote, there is no way to add any process exclusion because the server has no way to know what that remote process is.  You would have to disable that rule for it to work.  If it was a local process, you could exclude that local process in the rule so it doesn't apply when that process is doing the downloading.  But that isn't the case.  How many users download the videos that way?  Do the files download anyway, just not the autorun.inf? 

The downside of that is that a lot of malware uses autorun.inf to distribute viruses across network shares.  You can, however, set up a Windows policy to prevent executing autorun.inf.  For better info on things around this, you might want to post in the ENS/VSE forum that has more familiarity with those rules.

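
The Windows policy mentioned in the reply above, as an added example (not part of the original thread and not McAfee's own guidance): a PowerShell script that audits, and with `-Enforce` sets, the two Explorer policy values that stop Windows from acting on autorun.inf on the clients exempted from the ENS rule. The `-Enforce` switch and the `Get-AutoRunPolicyState` function name are choices made for this example.

```powershell
# Added example: audit and optionally enforce the Windows AutoRun policy values.
# Run from an elevated PowerShell session on the client machines that are
# exempted from the ENS rule. Audits by default; pass -Enforce to write.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Enforce)

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Desired values:
#   NoDriveTypeAutoRun = 0xFF -> AutoRun/AutoPlay off for every drive type,
#                                including network drives (bit 0x10)
#   NoAutorun          = 1    -> do not execute any autorun.inf commands
$Desired = [ordered]@{
    NoDriveTypeAutoRun = 0xFF
    NoAutorun          = 1
}

function Get-AutoRunPolicyState {
    foreach ($name in $Desired.Keys) {
        $current = $null
        if (Test-Path $PolicyKey) {
            # A missing value yields $null rather than an error
            $current = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        }
        [pscustomobject]@{
            Name      = $name
            Current   = $current
            Desired   = $Desired[$name]
            Compliant = ($null -ne $current -and $current -eq $Desired[$name])
        }
    }
}

$state = @(Get-AutoRunPolicyState)
$state | Format-Table -AutoSize

if ($Enforce) {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($item in $state | Where-Object { -not $_.Compliant }) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$($item.Name)", "Set to $($item.Desired)")) {
            Set-ItemProperty -Path $PolicyKey -Name $item.Name -Value $item.Desired -Type DWord
        }
    }
    # Re-read so the output reflects what is now in the registry
    Get-AutoRunPolicyState | Format-Table -AutoSize
}
```

On domain-joined clients, the same values are set by the Group Policy settings "Turn off Autoplay" (All drives) and "Set the default behavior for AutoRun" under Windows Components > AutoPlay Policies, and a domain GPO will overwrite local registry changes.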

3 Replies
Re: Help with policy exclusion

Only one or two users download videos, but with the rule enabled, the entire export job fails.

Thanks for the info on the process. I will post in ENS/VSE to see what their opinion is.  Thank you.

McAfee Employee cdinet
Message 4 of 4

Re: Help with policy exclusion

Ok, good deal.  I would suggest setting up a policy just for those users to disable that rule.  That's pretty much your only workaround unless you can find a way to prevent that file from even being created in your video files.
