We do one of two things: exclude that particular file from the Access Protection (click on the "Edit" button and add the process to the Exclude section), or UNCHECK the specific Access Protection rule causing the issue in "Common Standard Protection". There's no need to disable Access Protection entirely. Pick and choose which items work for you. We also remove one of the other "Common Standard Protection" entries, the "Prevent common files from running from Temp" which "reports only". It also can be a pain every time a temp file runs.
Hope this helps.
The "Prevent termination of McAfee processes" rule is not supported on 64-bit OS systems, but it will be with Patch 1 for VSE 8.7i.
hmmm, that makes sense. i'm getting a lot of log notifications with regards to termination of mcafee processes. another installation on a vista 32 machine had no problems at all.
for the time being, i've taken the initial responder's advice and modified ePO so I'm in a group by myself and added exceptions for the files i keep getting notified about.
You can find more info in KB53876 from McAfee Knowledge Base
hmmm, KB not working for me (FF and IE). https://kc.mcafee.com/corporate/index?page=content&id=KB53876 just seems to list recent and popular articles and clicking on any of those does the same. I'll try again later :)
Thanks for your help.
That's a copy/paste of this KB:
Common Standard Protection Rule: Prevent Termination of McAfee Processes, is triggered on 64-bit systems
Corporate KnowledgeBase ID: KB53876
Published: September 22, 2008
McAfee VirusScan Enterprise 8.7i
The access protection rule: Prevent Termination of McAfee Processes, is triggered on 64-bit systems under certain conditions, including computer startup.
VirusScan Enterprise 8.7i Access Protection Log reports the following error:
Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
Common Standard Protection Prevent termination of McAfee processes
Action blocked Terminate
VirusScan Enterprise 8.7i Access Protection Log file: C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt
A service which runs within SVCHost.exe (or a third-party process) is accessing and enumerating the running processes with a permission that allows them to terminate processes, though they may not actually be trying to terminate processes.
This is expected behavior. The Prevent Termination of McAfee Processes access protection rule is currently not supported on 64-bit systems.
The rule should be disabled (via ePolicy Orchestrator).
Environments not managed via ePolicy Orchestrator will receive a solution in Patch 1 for VirusScan Enterprise 8.7i. This article will be updated when more information becomes available.
Some third-party applications, whose operation entails enumerating processes with the privilege to terminate processes, might cause this rule to be triggered many times per minute depending on the application behavior.
yup, that covers it exactly :)
i feel happier now about disabling it for the time being.