I need help. i don't understand this event:
Event name: Remotely creating or modifying Portable Executable, .INI, .PIF file types, and core system locations
path: C:\USERS\Xuser\dominio\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\17.3.6381.0405\ETWLOG.D L
They take so many events of this kind. In my opinion, Do you think I can create exclusions?
The event in question generates many events on my console and I can not handle the exceptions properly
there is an official document telling McAfee what exclusions we have to create?
These are McAfee's default Access Protection Rules. You can include/exclude files from these rules and set them to report, block or both, but that's about it. I'm hoping an update will open these rules up to editing so they can be customized as much as the rules we create on our own.