This content has been marked as final. Show 6 replies
What is your security rep asking for? Are they asking that you turn the rule off all togeather or asking that they no longer be notified? You should be able to find the rule and its settings under "Automation" and the tab "Notification Rules".
I don't want to turn off all notification rules, for Access Protection, I just want to stop seeing the VMware related rules. These should be in the location I pointed out in the initial post I would think, but aren't there.
Then what you will need to put in an exception for the file that is triggering the access protection. If it just one server that is triggering the the alert then you can modify the policy for that specific machine. If you have multiple then you should create a policy with the exception and apply that policy to each of the machines that is producing the alert.
The access protection rules relating to vmare are only in vse 8.5 patch 5 and above
do you have a vse version itself higher than patch 5 with the higher than patch 5 naps checked into epo?
if not you wont see the rule in epo even if it appears on workstations which have got the patch from epo... if you get what i mean
so to correect check in a higher patch level nap for vse
Thanks very much for your reply, this looks like exactly what we're seeing. I'll post something to hopefully confirm your McAfee genius after we install/configure the hotfix.
Found out that it is PATCH 6 that is needed to see these rules.