One item I would recommend to check follows:
On the server go to C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionlog.txt. Look for action blocked by user defined rule.
If you find a file that is being blocked, that you know is ok, in ePO select the server / group, Policies, Product, VSE 8.5.0, Category, open the policy for Access Protection Policies.
Change settings to server. Access protection rules, click User-defined Rules, highlight server and click edit.
Change the rule name to server or group name. If you don't do this you will not be able to click OK when you are finished.
Add the file name to Process to exclude, then click OK.
Save it, then click Edit assignment. Break inheritance and assign the policy.
Once you have done this send an Agent wakeup call. Check the server to make sure it has received the new policy. Then test it.
Hope this helps.
Thank you for the response. Sorry I should have mentioned in my original post I have tried to add the process to the exclusions list and although I add it to the policy within the EPO console I have the same problem... it's not enforced on the problem server!
It’s almost as if the server has a different policy than the one I'm editing inside the EPO console but when you go to the policy catalogue the policy I make the changes to says it has 1 assignment and lists my problem server!
I hope that makes sense?!
Any other ideas?
If you have the rule name listed as the server or group name try adding a one to the end of the name after you have added a new exclusion to the process to exclude. I have run into this before, where the server seems like it has a different policy assigned.
Have you tried creating a new group, setting the policies in the group with the exclusions needed, and then moving the server to the new group? Once the server is in the new group, send an Agent wakeup call to apply the policies of the new group.
Hope this helps.
Thanks for the quick response.
The policy name is different to the server name and the group name.
I have just created a new group, assigned the policy to the group and added the server to the group. I then got the server to inherit the policy from the new group but again this did not work. It's very strange; I can't see or think of anything that would be causing this!
Another thought: Access protection policies, Server, Anti-virus Standard Protection, is Prevent mass mailing worms from sending mail Block unchecked?
As a last resort, if you can on the server, try uninstalling AV and pushing it out from the new group you added the server to. If you can't do this it may be time to call support.
Hope this helps
I can't uninstall the AV from the server. I think I will give McAfee a call on Monday!
Thanks for your help you
Have a good weekend,
This is down to the EPO server still using 3.6.1 - I'm in the process of upgrading this.