5 Replies Latest reply on Jun 23, 2017 4:04 PM by forsbergmn

    Endpoint Security access protection exclusion assistance

    nashcoop

      We recently started migrating systems from VirusScan 8.8 to McAfee Endpoint Security 10.5.1, Threat Prevention, and Advanced Threat Protection. We're using ePO version 5.3.1 to manage systems. I'm getting buried in alerts for the item below and have been unable to create a valid wildcard exclusion for ALL files and folders within the "CCMSETUP" subfolder. I want to leave the rule enabled, but I don't want to receive alerts for this access protection rule for any files in this location: "C:\WINDOWS\CCMSETUP\(exclude all files and subfolders)".

       

      Any assistance would be appreciated.  Thanks.

       

      Target File Name: C:\WINDOWS\CCMSETUP\(a wide variety of file names)

      Source Process Name: SYSTEM:REMOTE

      Threat Name: Access Protection rule violation detected and NOT blocked Remotely creating or modifying Portable Executable, .INI, .PIF file types, and core system