I want to be able to edit the default McAfee rules in the ENSTP-Access Protection Rules. I have set up my own policies, but I don't have full edit capabilities to the McAfee created rules. This causes us headaches because we are not able to adjust the rules per user or files like we are able to do for rules that we have created ourselves. Why are these default rules still locked when we are editing our own policy?
I can't even delete them like I can my own rules that I have created. And rather than re-invent the wheel, I'd like to just adjust these rules to match my environment. Is this a bug?
The first three rules are ones I have created, and you can see I can edit and delete them.
Once inside the rule settings, I have cool options based on users and subrules:
None of this exists for the default set of McAfee rules. I can't delete them:
And while I can edit them, it is only in an extremely reduced way of only including/excluding executables:
Seems like a great feature that is hobbled by some horrible decision. I can't even alert on signature id 1092 because of all the "bad" alerts from the default McAfee rules. Have I got a setting wrong somewhere else or is this how it currently is supposed to work in ENSTP 10.5.2 and ePO 5.3?