5 Replies Latest reply on Oct 29, 2009 6:37 AM by maman

    Access Protection & Logmein Problems

      Hello All,
      I am about to go insane from reading manuals and getting nowhere.

      Systems: EPO 4.0 (Patch3), Mcafee AV 8.5i (Patch 7)

      The problem that I have is I wan't to "Prevent common programs from running files from the Temp folder" BUT we use a piece of software called LogMeIn Rescue (probbably come accross it)
      The problem comes when a user enters a pin code they download a small app called "Support-LogMeInRescue.exe"
      They click run then are hit by the message "Windows cannot access the specified device, path or file"

      I have tried adding this app name in both the processes to include & processes to exclue but no matter where I put the file name AV constantly blocks it.
      The only way I have found to unblock it is to but a * in the processes to exclude.

      Hope you can help as I am confused :confused:

      Regards

      Rob Hunton
        • 1. RE: Access Protection & Logmein Problems
          Sorry, but you've posted in the old "retail" VirusScan 8 forum.. Because you're using a corporate ENTERPRISE version of McAfee, I'll move your topic to the "Desktop and Server" forum where you should receive more responses.. You can access your thread from either forum location:

          In the meantime, why not simply remove the check mark from the Access Protection/Common Standard Protection box that causes the problem?.. We do here.. Many of our programs run from the Temp folder and even when it's set to "warn", it causes problems.

          Hope this helps.

          Grif
          • 2. RE: Access Protection & Logmein Problems
            tonyb99
            or if you still need to keep the rule then....

            Disable the block on the rule but leave on report

            When you have successfully connected via logmein check back in the access protection log and get the exact name of the files being used to include in you processes to exclude.

            Alter rule to reflect this
            • 3. Configuring Access Protection to block users from changing hostname
              Hi,

              Basically, I need to block users from changing the hostname on their workstation for it is one of major reasons of high failure rate during agent deployment via epo. Customer send as the list of workstation to be deployed but after investigating, we found out that users already rename their PC's as they logged as the local admin. Moreover, it is tedious to ping them one by one...and this is not totally efficient on how can we verify if the wokrastation name still exist..

              I configured user-defined rule to block the registry key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ ComputerName)...but does not taking effect...

              hope someone might help on this...:(
              • 4. RE: Configuring Access Protection to block users from changing hostname
                We cure such problems here by severely limiting the user rights for ALL our users.. We have a few thousand people which have user rights on our agency computers but VERY few have admin rights, (the rest are power users or less), and only one or two folks have the ability to "Add workstations on a domain" to the network.. Should any user with admin rights inappropriately change a computer name, they lose all network access and stop receiving email, access to network shares, and all other such things. They learn in a hurry what is forbidden.

                If you can't adjust the user permissions to limit changes, then given admin privileges to lots of people will continue to cause the problem. Although not necessary here, you might look into creating a Group Policy.

                Hope this helps.

                Grif
                • 5. RE: Configuring Access Protection to block users from changing hostname
                  thanks.. grif..

                  yeah, someone already advised me on that but customer is pushy on this..:(