4 Replies Latest reply on May 11, 2012 3:08 AM by mherby

    Disabling OAS With a Policy

    mherby

      Hi,

       

      I've been trying to disable OAS on a system using a specific policy with Access Protection turned off so when we need to, it can be disabled. However, when I apply this policy to a test system nothing actually happens, it continues to enforce the previous policy and prevent OAS from being disabled. I've had to temporarily remove the ePO agent from the system in order to disable OAS. I've set the single agent to break inheritance and assigned the 'Access Protection Off' policy but no joy. Is there somewhere I can check why the policy isn't being applied or a log file that would indicate what policy the agent thinks its applying? Any assistance would be very appreciated, thanks in advance.

       

      Using ePO 4.6

      VSE 8.8

        • 1. Re: Disabling OAS With a Policy

          The way I achieve this is to create a new group in system tree, and apply a new policy to that group only, breaking all inheritence.

           

          The new policy has OAS disabled

           

          it does work.

           

          maybe there is another policy overiding it ?

           

          a

          • 2. Re: Disabling OAS With a Policy
            mherby

            Yeah I thought it must be another policy that over-rides it. I was interested really to see if there are logs that would give me more detail as to what policy the agent is applying so I could confirm if this was the case.

             

            I will try creating a new group though if there isn't a way of getting more detail out of the system!

            • 3. Re: Disabling OAS With a Policy
              greatscott

              Are you running Host IPS or other McAfee products? I would try to reproduce the issue and look in the IPS Event Monitor to see if there is a recorded block.

              • 4. Re: Disabling OAS With a Policy
                mherby

                We aren't running Host IPS yet, no other McAfee products are present on the system either, just the ePO agent and VSE 8.8. What I find odd is that the policy I have applied with custom exceptions etc has been taken successfully, it just won't apply the policy when I change it to OAS disabled. I guess that makes sense if that policy is being over-ruled by a different policy that won't allow the termination of McAfee processes.