2 Replies Latest reply on Feb 11, 2013 9:15 AM by waynediesel

    I can not end a process

      Hello .

       

      to try to put a specific exclusion process in the Common Standard Protection. someone could help me.

       

      Bruno Caldasnaviagent.jpg

        • 1. Re: I can not end a process
          alexn

          Provided Screen short sheds that a  malicious procees, which is being stopped by VSE, if you trust this process and want it to be excluded, please attch Acces Protection Log, so I could direct you to made right exclusion.

          • 2. Re: I can not end a process

            Bruno -

             

            Here is what you need to do to exclude this process:

             

            • Open ePO
            • Select Policy Catalog
            • Under Products, select "VirusScan Enterprise 8.x" (if you have more than one version installed like 8.7 and 8.8 you will have to do this exclusion for each product)
            • Under Category, select "Access Protection Policies"
            • Click on the Access Protection policy that this process is gettings stopped by
            • Since this is a server, select "Settings for Server" at the top dropdown menu
            • Under "Access Protection Rules", click the "Common Standard Protection" category as this is the category that is being blocked in your screenshot
            • Select the "Prevent termination of McAfee processes" rule and "Edit"
            • Once in Edit, under "Processes to exclude" paste this name of the executable that is being blocked. In your case you would insert "Naviagent.exe" (without the quotes!)
            • Click Ok
            • Click Save
            • Send an Agent Wake Up Call to the affected machines.

             

            As Alex stated, you want to make sure that you are excluding the right processes and not just allowing anything to bypass the Access Protection rules. You should contact the server or application owner and learn more about what the "Naviagent.exe" process does and why it is attempting to stop McAfee processes. You will find that this may happen a lot in server environments, but you should rarely see a need to do this in workstation environments in my own experience. Proper understanding of applications and server processes will help you to determine what is a real threat in your environment and what can be filtered out.

             

            A properly configured Access Protection policy that is based on the server role/function can take a lot of stress off of the application while still maintaining a strong security posture.