1 2 Previous Next 16 Replies Latest reply on Apr 7, 2010 6:30 AM by cahmadh

    MaCafee blocked almost 100 registry values!

      Hi,

       

      I have McAfee Enterprise on the server which i recently installed. The issue is i have symantec backup sever and Symantec backup utility is intalled on the server. MaCafee is blocking the utility to take the backup. In the accessprotectionlog its showing that the registry access is blocked.

       

      How i can give registry access to this application as its very important?


      Thanks in advance

        • 1. Re: MaCafee blocked almost 100 registry values!

          Hello, maybe you should exclude your backup process?

           

          https://kc.mcafee.com/corporate/index?page=content&id=KB67544

          • 2. Re: MaCafee blocked almost 100 registry values!

            Thanks for replying..actually i dont have ePO 4.5 console installed i believe. I have just installed the antivirus.

             

            Is it comes with the antivirus? if yes how to access this?

             

            Thx

            • 3. Re: MaCafee blocked almost 100 registry values!

              it will be easier when you write what DO you have - and not what don't.

               

              Virus Scan Console -> On Access Scanner -> Properties

               

              Greetings

              A.

               

              Understanding High-Risk, Low-Risk, and Default processes configuration  and usage:

               

              https://kc.mcafee.com/corporate/index?page=content&id=KB55139

               

               

              Nachricht geändert durch andydu on 24.03.10 12:55:57 GMT+01:00
              • 4. Re: MaCafee blocked almost 100 registry values!

                Actually, the issue is caused by the "Access Protection", not the scanner.

                 

                VirusScan Console, Access Protection.

                 

                You will probably need to add in the file name of the Symantec backup to the exemptions list for the rules that are triggering.

                1 of 1 people found this helpful
                • 5. Re: MaCafee blocked almost 100 registry values!

                  Yes, you are probably right, the option is there. Let me add some inclusion and then see what happens.

                  • 6. Re: MaCafee blocked almost 100 registry values!

                    Cahmadh,

                     

                     

                    The exact reason this is hapening is because of the Access protection policy that you have set.

                     

                    Under the Access protection, Go to the Antivirus Standard Protection :- Prevent registry editor and taskmanager from being disabled. Deselect that option and you will see a lot of Access protection alerts going down in a big way.

                     

                    Or, If you still want to keep that option active but want the scanner to stop blocking the Symantec Service, Then please exclude that particulat process. Under the On Access Scanner settings. To get a better understanding of how the exclusions work and what kind of high and low processes can be excluded, please take a look ath this Url.

                     

                    https://kc.mcafee.com/corporate/index?page=content&id=KB66909

                     

                     

                    Please revert with the update.

                     

                     

                    Sameer

                    • 7. Re: MaCafee blocked almost 100 registry values!

                      Thanks you for your reply, i am still observing the backup. Yesterday backup again failder i am checking the log and will revert back to you.

                      • 8. Re: MaCafee blocked almost 100 registry values!

                        Dear Sameer,

                         

                        There is no tick mark on the Block or Report column under standard protection --> Prevnet registry editor and task manager from being disabled. So i have not set that policy its by default like this...Do you want me to change something in it?

                         

                        Following are SOME of the accessprotection logs for your reference

                         

                        3/26/2010    7:45:28 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings    Action blocked : Write
                        3/26/2010    11:45:29 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings    Action blocked : Write
                        3/27/2010    3:45:29 AM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings    Action blocked : Write
                        3/27/2010    7:45:29 AM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe    \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter    Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings    Action blocked : Write

                         


                        Please let me know where i can give access to the above programe. Becaue Symantec backup utility have many processes running i can not give access to everyprocess one by one.

                         


                        Waiting for you reply. cahmadh

                        • 9. Re: MaCafee blocked almost 100 registry values!

                          Cahmadh,

                           

                           

                          Now I know what is going on here.

                           

                          Please open up the Access Protection and then go to the Vmware and Virtual Machine protection tab. There you will see that be default, All the columns are checked. Please deselect those and test if this stos these alerts and then we will figureout a way to deal this way.

                           

                          Please let me know what is the outcome.

                           

                           

                          Sameer

                          1 2 Previous Next