cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

Hello all,

My security folks have required me to add auditing settings for %ProgramFiles%\McAfee and %ProgramFiles(x86)%\McAfee however these fail to apply as confirmed in RSOP and manual inspection of the folders' security settings.  The only thing I can think is that McAfee is protecting its own installation directories from modification, however it is causing me to fail an audit.

The only workaround I can fathom would be to uninstall McAfee and the management agent, manually create the folders, allow the GPOs to apply, and then repush the agant and products in ePO.  But I really don't want to do that?

Can anyone suggest another way to get McAfee to allow GPOs to set permissions and auditing on its install directory?

Thanks!

1 Solution

Accepted Solutions
Highlighted

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

It sounds like you figured out what I would agree is the best answer.  Disable that Access Protection setting until the GPO settings take affect.  As for new machines, this is where you could be creative and use some tagging to help automate the process.  It all depends on your current setup, how you use the System Tree etc., but maybe you can get an idea from this.  Any time a new system is added to the system tree, have it tagged as a new system.  Use a Policy Assignment Rule to assign a VSE policy with that AP rule disabled.  Depending on how your GPOs are applied, you could change the tag either the next day, or based on some other means, to a tag that applies your standard VSE policy with the AP rule back in place.  You can really extend this logic to do other things, quarantine a new system until all products are installed that you own, etc.

View solution in original post

5 Replies

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

McAfee does protect it's own directories from being altered. which could happen with an infection, it's called Access Protection.  However, how to control that varies between home and Enteprrise and it sounds like you are using the latter.  Can you clarify please what McAfee product you are using?

Highlighted

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

Thanks for your help!

I am using VSE 8.8.0p2 against McAfee ePO 5.0.1 with the latest 5600 scan engine.

I think I know which access protection settings your talking about... the ones in common standard protection, right?  I hate to turn those off, but perhaps if I do so temporarily and allow the settings to apply all would sort out... until I build another box that is!

Of course I could always create GPO settings to create the empty folder if it doesn't exist as part of my build process, apply the settings, and then pushout via ePO....

Sorry, I'm new here, it seems I posted this in the home and home office section... feel free to move it to VSE.

Message was edited by: justinmercier on 1/7/14 2:10:54 PM CST
Highlighted

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

OK I know nothing about most Enterprise products so have moved this provisionally to ePO for better support.

Highlighted

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

It sounds like you figured out what I would agree is the best answer.  Disable that Access Protection setting until the GPO settings take affect.  As for new machines, this is where you could be creative and use some tagging to help automate the process.  It all depends on your current setup, how you use the System Tree etc., but maybe you can get an idea from this.  Any time a new system is added to the system tree, have it tagged as a new system.  Use a Policy Assignment Rule to assign a VSE policy with that AP rule disabled.  Depending on how your GPOs are applied, you could change the tag either the next day, or based on some other means, to a tag that applies your standard VSE policy with the AP rule back in place.  You can really extend this logic to do other things, quarantine a new system until all products are installed that you own, etc.

View solution in original post

Highlighted

Re: McAfee blocking GPO auditing settings of McAfee directories

Jump to solution

Thanks Chris.  I am not too savvy with the newer 'tagging' feature of ePO but should be able to figure it out.  I like the idea of being able to target the reduced AP setting rather than turn it off across the board, even temporarily.

Thanks again!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community