5 Replies Latest reply: Mar 11, 2014 2:47 PM by dcobes RSS

    How do I temporarily turn off Access Protection via command line or API?

    bcookwellpet

      Hey all,

       

      I have done a bit of searching and found a number of threads but no real answer to this question.

       

      Is there a way to temporarily disable (and afterwards re-enable) Access protection via a command line or using an API? I am thinking about developing an app for work that will check for updates for a number of programs and update them if new versions are found (but if I can't disable McAfee then this entire project would be useless). With the way that our VirusScan Enterprise 8.8 is set up through ePo pretty much nothing can be run without disabling AP. Currently, to disable AP, I need to unlock the UI with a password and then disable AP. I am trying to find a way to automate this whether by command line or API.

       

      Any advice anyone has would be helpful.

       

      Thanks!

        • 1. Re: How do I temporarily turn off Access Protection via command line or API?
          rmetzger

          Hi,

           

          Welcome to the forums.

           

          I know of several hacks that would work for you, however, discussing such techniques on this public forum I am sure is against TOS of McAfee. These techniques could be used by others to disable the protective services you fighting. Disabling AP is suppose to be difficult, by design. And I for one, would like to keep it that way.

           

          Further, I would not wish other, potential malware writers, to gather these techniques for their nafarious use. Once these techniques are public, McAfee would have to lock them down, thus rendering that technique useless to you.

           

          My suggestion would be to contact your McAfee Support Rep and discuss your needs directly.

           

          Good luck and have fun.

          Ron Metzger

          • 2. Re: How do I temporarily turn off Access Protection via command line or API?
            Attila Polinger

            Hi,

             

            I'm wondering if sending down exclusions to the respective AP rules thorugh ePO is a viable way to you - considering that you are developing an app that in turn runs updates of other apps, so you might have time to finetune this. I would assume that the processes performing the actual updates do not change very often or their number stays below acceptable limits or they can even be specified using joker characters.

             

            Just wondering...

             

            Attila

            • 3. Re: How do I temporarily turn off Access Protection via command line or API?
              bcookwellpet

              I think I may consider setting an exception. It seems the easiest way to get around our lockdown.

               

              @rmetzger, I completely understand and would not want any more malware writers trying to get around that protection. I know from experience how much of a pain it is simply removing malware in the first place.

               

              Thank you both for your replies.

              • 4. Re: How do I temporarily turn off Access Protection via command line or API?
                rmetzger

                Your Welcome!

                 

                Good luck.

                Ron Metzger

                • 5. Re: How do I temporarily turn off Access Protection via command line or API?
                  dcobes

                  I know this is a bit old, but thought I'd chime in before this was archived.

                   

                  I have a handful of advanced developers who that yell at my mcafee team for this exact item (with the exception they want OnAccess Scanner to be disabled). What we've done is setup a Policy Assignment (epo 4.6 or higher) which is auto-assigned based on machine name (you can be more selective and choose user). I then tagged my developer systems who requested OnAccess Scanning be disabled with a tag name of "ADVANCED_VSE_PRIVS".

                   

                  Via Policy Assignment rules I provide a special McAfee Agent and VSE UI policy that allows those machines to temporarily disable Access Protection until the policy enforcement for the agent starts and re-enforces the OnAccess Scanning. This way if the developer forgor to re-enable it, its comes back. I gave them a limit of 20 minutes. This has worked perfectly since we've implemented it.

                   

                  One thing to note, is I do not do this for every developer.

                   

                  Below is an example of the rule:

                  Forum_SS_VSE_Advanced.png

                   

                  -d