7 Replies Latest reply on Feb 25, 2010 10:46 AM by JoeHodkinson

    EPO agent not enforcing access protection policy

      We have a problem with EPO not enforcing an access protection policy on one of our servers. We have a need to disable the 'Prevent sending of email' attribute within a policy, and although the policy assigned to the server has this disabled, when you look within the virus console (and the access protection log) the attribute is still set to block.

       

      I have recreated the policy (both by duplicating the one that was not working originally and by creating a new policy from scratch), but both have the same effect. I have also triple checked my usual mistake of making the change on the workstation tab... I have definitely been doing it on the server tab.

       

      I have obviously used the agent and clicked the top four buttons to enforce the policies etc.

       

      The server is a Xeon Intel with virus scan 8.5.0i and patch level 8. The EPO agent is 4.5.0.1270.

       

      Any help would be great as it’s really got me stuck.

       

      Thanks, Joe

        • 1. Re: EPO agent not enforcing access protection policy
          mrandolp

          Good morning,

          One item I would recommend to check follows:

          On the server go to C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionlog.txt. Look for action blocked by user defined rule.

           

          If you find a file that is being blocked, that you know is ok, in ePO select the server / group, Policies, Product, VSE 8.5.0, Category, open the policy for Access Protection Policies.

          Change settings to server.  Access protection rules, click User-defined Rules, highlight server and click edit.

           

          Change the rule name to server or group name. If you don't do this you will not be able to click OK when you are finished.

          Add the file name to Process to exclude, then click OK.

          Save it, then click Edit assignment. Break inheritance and assign the policy.

          Once you have done this send an Agent wakeup call.  Check the server to make sure it has received the new policy.  Then test it.

           

          Hope this helps.

          Mike

           

           

          Message was edited by: mrandolp on 2/19/10 7:39:37 AM GMT-06:00
          • 2. Re: EPO agent not enforcing access protection policy

            Hello Mike!

             

            Thank you for the response. Sorry, I should have mentioned in my original post that I have tried to add the process to the exclusions list, and although I add it to the policy within the EPO console I have the same problem... it's not enforced on the problem server!

             

            It’s almost as if the server has a different policy than the one I'm editing inside the EPO console, but when you go to the policy catalogue the policy I make the changes to says it has 1 assignment and lists my problem server!

             

            I hope that makes sense?!

             

            Any other ideas?

             

            Thanks, Joe

            • 3. Re: EPO agent not enforcing access protection policy
              mrandolp

              Joe,

              If you have the rule name listed as the server or group name, try adding a one to the end of the name after you have added a new exclusion to the process to exclude.  I have run into this before, where the server seems like it has a different policy assigned.

               

              Have you tried creating a new group, setting the policies in the group with the exclusions needed, and then moving the server to the new group?  Once the server is in the new group, send an Agent wakeup call to apply the policies of the new group.

               

              Hope this helps.

              Mike

              • 4. Re: EPO agent not enforcing access protection policy

                Hello Mike,

                 

                Thanks for the quick response.

                 

                The policy name is different to the server name and the group name.

                 

                I have just created a new group, assigned the policy to the group and added the server to the group. I then got the server to inherit the policy from the new group, but again this did not work. It's very strange; I can't see or think of anything that would be causing this!

                 

                Thanks, Joe

                 

                 

                • 5. Re: EPO agent not enforcing access protection policy
                  mrandolp

                  Joe,

                  Another thought: Access protection policies, Server, Anti-virus Standard Protection, is Prevent mass mailing worms from sending mail Block unchecked?

                   

                  As a last resort, if you can on the server, try uninstalling AV and pushing it out from the new group you added the server to.  If you can't do this it may be time to call support.

                   

                  Hope this helps

                  Mike

                  • 6. Re: EPO agent not enforcing access protection policy

                    I can't uninstall the AV from the server. I think I will give McAfee a call on Monday!

                     

                    Thanks for your help you

                     

                    Have a good weekend,

                     

                    Joe

                    • 7. Re: EPO agent not enforcing access protection policy

                      This is down to the EPO server still using 3.6.1 - I'm in the process of upgrading this.