4 Replies Latest reply on Mar 29, 2012 2:17 PM by KimNNH

    Is it possible to update the local on-demand scan settings through ePO 4.6?

      I would like to change the Global Threat Intelligence setting from very low to medium on the local systems for the on-demand scans a user runs.  I have set this on the on-demand scans that are run as a client task. 

      The machines are all running VSE 8.8 and Agent 4.6

      Is that possible through ePO 4.6 or is there some other way to send this setting to the machines? I'd like to do this without visiting each system and logging in as an admin.

      Thank you

        • 1. Re: Is it possible to update the local on-demand scan settings through ePO 4.6?
          joeleisenlipz

          I believe the settings used by the default "Full Scan", "Quick Scan" and default scan task are all stored in the Registry, rather than enforced through policy. I would expect that the only way to modify the setting would be to change those Registry values.

           

          I had limited success doing this with the McAfee Installation Designer, but then patches that were applied later would wipe-out the altered values. So I would stick to something like a batch file or logon script to change the value you're looking for.

           

          Try something like...

          reg query \\localhost\HKLM\Software\McAfee\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5} /v dwHeuristicNetCheckSensitivity

           

          I believe the values are...

               0     Very Low

               1     Low

               2     Medium

               3     High

               4     Very High

          ffffffff    Disabled

           

          --Joel

          • 2. Re: Is it possible to update the local on-demand scan settings through ePO 4.6?

            Joel, that was exactly what I needed. I was able to create a regedit to change the locally controlled onDemand and targeted tasks to medium:

             

            REGEDIT4

            [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}]
            "dwHeuristicNetCheckSensitivity"=dword:00000002

            [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\Tasks\{F8D48FD9-F56E-4808-BC50-7EDC60AF76AB}]
            "dwHeuristicNetCheckSensitivity"=dword:00000002

             

            To run it, I log on a machine as an admin, stop the Access protection in the console and run it manually. 

             

            Now what I'd like to do is send this out using BigFix but I haven't figured out how to stop Access Protection. I was hoping that it would install when no-one was logged on the machine but, and I'm guessing, Access Protection starts when the machine starts - even if no user is logged on so it didn't work.

             

            Any idea if sending it out using group policy as an on-boot bat file would work? I'll give it a try but if you have given it a try, please let me know.

             

            thank you

            • 3. Re: Is it possible to update the local on-demand scan settings through ePO 4.6?

              There were 2 more keys I had to include in my regedit to change the heuristics to medium for the Full, Targeted and right-click-onDemand scans with a regedit.

               

              1. log on to machine as an admin

              2. open McAfee console and stop Access Protection

              3. run a regedit with the following changes:

              REGEDIT4

              [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}]
              "dwHeuristicNetCheckSensitivity"=dword:00000002

              [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}]
              "dwHeuristicNetCheckSensitivity"=dword:00000002

              [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\Tasks\{F8D48FD9-F56E-4808-BC50-7EDC60AF76AB}]
              "dwHeuristicNetCheckSensitivity"=dword:00000002

              [HKEY_LOCAL_MACHINE\Software\McAfee\DesktopProtection\DefaultTask\]
              "dwHeuristicNetCheckSensitivity"=dword:00000002

              4. reboot

               

              I do have to do this by going to each machine b/c (for security reasons) there is no way to stop access protection remotely.

              • 4. Re: Is it possible to update the local on-demand scan settings through ePO 4.6?

                Update - Windows 7 64-bit has 4 additional keys:

                 

                [HKEY_LOCAL_MACHINE\Software\Wow6432Node\McAfee\DesktopProtection\Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}]
                "dwHeuristicNetCheckSensitivity"=dword:00000004

                [HKEY_LOCAL_MACHINE\Software\Wow6432Node\McAfee\DesktopProtection\Tasks\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}]
                "dwHeuristicNetCheckSensitivity"=dword:00000004

                [HKEY_LOCAL_MACHINE\Software\Wow6432Node\McAfee\DesktopProtection\Tasks\{F8D48FD9-F56E-4808-BC50-7EDC60AF76AB}]
                "dwHeuristicNetCheckSensitivity"=dword:00000004

                [HKEY_LOCAL_MACHINE\Software\Wow6432Node\McAfee\DesktopProtection\DefaultTask\]
                "dwHeuristicNetCheckSensitivity"=dword:00000004

                 

                this example changes all to "4" for very high
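
Added example, not part of the original thread or any poster's code: a read-only PowerShell check that reports the current dwHeuristicNetCheckSensitivity value under every key named in the replies above, so the result of a pushed .reg change can be verified per machine. The function name Get-GtiSensitivity is hypothetical, and the labels follow the value mapping given in reply 1.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# Key paths come from the posts above; labels follow reply 1's mapping.
# Run from 64-bit PowerShell on 64-bit Windows: a 32-bit process is
# redirected to Wow6432Node and would read the same keys twice.
$ValueName = 'dwHeuristicNetCheckSensitivity'
$Labels = @{ 0 = 'Very Low'; 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'Very High' }
$Roots = @(
    'HKLM:\Software\McAfee\DesktopProtection',
    'HKLM:\Software\Wow6432Node\McAfee\DesktopProtection'
)
$SubKeys = @(
    'Tasks\{21221C11-A06D-4558-B833-98E8C7F6C4D2}',
    'Tasks\{A14CD6FC-3BA8-4703-87BF-E3247CE382F5}',
    'Tasks\{F8D48FD9-F56E-4808-BC50-7EDC60AF76AB}',
    'DefaultTask'
)

function Get-GtiSensitivity {          # hypothetical helper name
    param([int]$Expected = 2)          # 2 = Medium, the level the thread wants
    foreach ($root in $Roots) {
        foreach ($sub in $SubKeys) {
            $path = "$root\$sub"
            # -LiteralPath keeps the braces in the task GUID from being parsed
            $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
            if ($null -eq $item) {
                $hex = $null; $label = 'Key or value missing'
            } else {
                # Normalise to hex so ffffffff matches whether the DWORD is
                # returned as a signed or an unsigned integer.
                $hex = '{0:X8}' -f $item.$ValueName
                $n = [Convert]::ToUInt32($hex, 16)
                if ($hex -eq 'FFFFFFFF') { $label = 'Disabled' }
                elseif ($n -le 4)        { $label = $Labels[[int]$n] }
                else                     { $label = 'Unknown' }
            }
            [pscustomobject]@{
                Key       = $path
                Value     = $hex
                Setting   = $label
                Compliant = ($hex -eq ('{0:X8}' -f $Expected))
            }
        }
    }
}

Get-GtiSensitivity -Expected 2 | Format-Table -AutoSize
```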