1 Reply Latest reply on Nov 20, 2017 3:56 PM by woody188

    Endpoint Security access protection exclusion Remotely creating or modifying Portable Executable

    stemax1

      I need help. i don't understand this event:

       

      Event name:    Remotely creating or modifying Portable Executable, .INI, .PIF file types, and core system locations

      path:    C:\USERS\Xuser\dominio\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\17.3.6381.0405\ETWLOG.D L

                   C:\USERS\Xuser\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\17.3.6381.0405\FILECOAUTH.EXE

                     C:\USERS\Xuser\APPDATA\LOCAL\MICROSOFT\WINDOWS SIDEBAR\SETTINGS.INI

                   ecc.....

       

      They take so many events of this kind. In my opinion, Do you think I can create exclusions?
      The event in question generates many events on my console and I can not handle the exceptions properly

       

      there is an official document telling McAfee what exclusions we have to create?

       

      many tnx