The way I achieve this is to create a new group in system tree, and apply a new policy to that group only, breaking all inheritence.
The new policy has OAS disabled
it does work.
maybe there is another policy overiding it ?
Yeah I thought it must be another policy that over-rides it. I was interested really to see if there are logs that would give me more detail as to what policy the agent is applying so I could confirm if this was the case.
I will try creating a new group though if there isn't a way of getting more detail out of the system!
Are you running Host IPS or other McAfee products? I would try to reproduce the issue and look in the IPS Event Monitor to see if there is a recorded block.
We aren't running Host IPS yet, no other McAfee products are present on the system either, just the ePO agent and VSE 8.8. What I find odd is that the policy I have applied with custom exceptions etc has been taken successfully, it just won't apply the policy when I change it to OAS disabled. I guess that makes sense if that policy is being over-ruled by a different policy that won't allow the termination of McAfee processes.