1 Reply Latest reply on Nov 20, 2017 3:56 PM by woody188

    Endpoint Security access protection exclusion Remotely creating or modifying Portable Executable


      I need help. i don't understand this event:


      Event name:    Remotely creating or modifying Portable Executable, .INI, .PIF file types, and core system locations

      path:    C:\USERS\Xuser\dominio\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\17.3.6381.0405\ETWLOG.D L





      They take so many events of this kind. In my opinion, Do you think I can create exclusions?
      The event in question generates many events on my console and I can not handle the exceptions properly


      there is an official document telling McAfee what exclusions we have to create?


      many tnx