2 Replies Latest reply on Nov 29, 2010 9:28 AM by Regis

    On Access Scanner setting amendments revert after a few minutes

      Hi, I cannot get setting I create in On Access Scanner to stick. I initially tried to set it to 'disable' but it reverted back to 'enable' after a few minutes and the same happened when I tried to exclude certain drives from being scanned. Can someone tell me why this is happening please as I'm not finding any answers so far. Thanks

       

      EPO4.0

       

       

      Message was edited by: Gareth789 on 26/11/10 10:04:44 CST
        • 1. Re: On Access Scanner setting amendments revert after a few minutes

          It sound's like you are modifying settings on a local VirusScan console while the McAfee Agent enforces the ePO Rules latest on its next asci.

           

          If you want to test you could end the frameworkservice.exe (AP needs to be off normally)

           

          My apologies if you have another isue than above

          • 2. Re: On Access Scanner setting amendments revert after a few minutes
            Regis

            In ePO, in the McAfee Agent policy, there's a setting for "policy enforcement interval."     In the one we work with, it's 5 minutes, which may very well be the default.  This setting tells the mcafee framework agent  how often to make sure that all the locally isntalled mcafee cruft has the settings that  the ePO administrator has deemed it should.

             

            One of the effects of that policy enforcement interval is that when you disable on access protection, the policy enforcement interval will turn that baby back on.

             

            If you have a legit reason to turn off the on access agent, if you want it to stick, you might make a sub-group of that workstations current group where in mcafee agent policy, the enforcement interval is much longer.  This can be useful for infected machines you need to work on.   Where I fight with it often is when I have to gather a virus sample to submit as a potential false positive.  You have to have OAS disabled to restore the file out of quarantine, and you're always fighting the enforcement interval and hoping you get the file restored and zip/encrypted  in time before the policy enforcement interval turns oas back on again and redetects the sample you're working with.

             

            In ePO you'lll find this under system tree, assigned policies tab, mcafee agent, click on teh policy and it's in the General tab of Agent policy  (General options:  Policy enforcement interval (minutes).

             

            Oh, and ePO 4.5 is a happier place to be for whatever it's worth.   A lot of the interface irritations of ePO 4.0 are addressed.  I'm sure it's on your radar, but it's one of those upgrades that is definitely worth it in terms of creature comforts.

             

             

            Message was edited by: Regis on 11/29/10 9:28:51 AM CST