0 Replies Latest reply on Aug 31, 2017 11:14 AM by brentil

    ENS 10.5.2 MA Quick Settings Disable ignores password requirement

    brentil

      I've reported this as a defect to McAfee but I wanted to warn any admins before implementing this new feature.

       

      From the 10.5.2 Release Notes they added MA quick settings like we've had in VSE & HIPS for a while.

       

      Threat Prevention enhancements

      • Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from the McAfee system tray icon.

       

      Adaptive Threat Protection enhancements

      • Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from the McAfee system tray icon.

       

      However, if you have your ENS locked down via the ePO -> Policies -> Endpoint Security Common -> Options -> Client Interface Mode -> Enable = Lock client interface (Windows & Mac only) & set a password it ignores this password requirement allowing any user with desktop level access to disable ENS On-Access scanning.  The disable for ATP seems broken though as nothing changes.

       

      Your enforcement policies will enable it again on the next enforcement time but the user can just disable it again.

       

      With VSE & HIPS these options would be grayed out if you had a password set.

       

      So use at your own risk.