2 Replies Latest reply on Sep 29, 2009 8:47 AM by mindfrost82

    Script to temporarily disable Access Protection w/o ePo

      I'm an IT admin for a small business and we have McAfee 8.7i. Just recently I was forced to increase our Access Protection policies due to spyware and stuff infecting some of the computers. These are not centrally managed, so settings are on each desktop.

      I'm wanting to know if its possible to create a batch script or something that I could put on the user's desktop that will temporarily disable Access Protection for say 30 or 60 minutes so they could install something.

      I know this kind of defeats the purpose, but we can trust most of our users. And I would rather do this than to show them how to manually disable it since they might forget to turn it back on.

      Also, I'm blocking almost everything in Access Protection, with the exception of a few things we need for our apps to work. I notice it prevents Windows Updates from installing. Any way to add exceptions that would let these updates install?

      Thanks for any help!
        • 1. IMHO: Self-protective measures should not be temporarily removed via scripts
          rmetzger

          OK, so what I might do would be to bring a single system under your control back to the default McAfee VSE settings. Then one (1) parameter at a time, increase the 'Access Protection policies' testing their affect on getting Microsoft Updates. (Alternatively, change this PC from it's current policy back on 1 setting at a time until you isolate which one is causing MS Updates not to function properly.)

          Once you have isolated that policy change, I would test it on a user's environment for say, 1 month, past Patch Tuesday. Once convinced of this policy change, broaden the scope out somewhat and see how things go for those that did not get their updates recently, and document how things went.

          I know this might not be the answer you wanted, but I hope it is helpful.
          Ron Metzger
          • 2. RE: IMHO: Self-protective measures should not be temporarily removed via scripts
            That makes sense, thanks Ron.

            I'm actually waiting on Patch 2 and I'm going to try out the Artmeis thing to see how well it works if I enable in the On Access scans and the On Demand scans.

            Hopefully it'll protect us against the common threats I've seen so I can leave the Access Protection settings to the Standard Protection defaults (with a few exceptions).