2 Replies Latest reply on Mar 1, 2013 8:26 AM by spongetron

    AP triggers even though rule is disabled

    spongetron

      I have disabled the access protection rule "Anti-spyware Maximum Protection - Prevent execution of scripts from the Temp folder" in the VSE policy. But the clients still report AP rule violation events back to the ePO server. Does somebody have the same problem or know why this happens?

       

      I have a similar problem with the AP rule "Common Standard Protection - Prevent termination of McAfee processes". I added CcmExec.exe to the exclusions but I still get flooded with events that CcmExec.exe tried to terminate a McAfee process.

       

      Can somebody point me in the right direction?

       

      I use ePO 4.6.5 and VSE 8.8.0.975

        • 1. Re: AP triggers even though rule is disabled
          Attila Polinger

          Hi,

           

          I must ask: did you or did you not also disable the Log option? If not, you'll get messages - with slightly different wording - in the AP log, although they are for information only.

           

          If you have added exceptions to the rule, no message should come afterwards. Maybe you did add the exception within an ePO policy but it has not yet been, or cannot be, enforced on the client. Please check if the exception has appeared in the respective VirusScan registry key (Behaviourblocking) on the client.

           

          Attila

           

          Message was edited by: apoling on 01/03/13 12:03:46 CET
          • 2. Re: AP triggers even though rule is disabled
            spongetron

            The Logging Option is disabled too. The problem seems to be that the policy is not enforced on the clients! I will search in this direction.