Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
4206 Views 5 Replies Latest reply: Mar 11, 2014 2:47 PM by dcobes RSS
bcookwellpet Newcomer 2 posts since
Apr 23, 2013
Currently Being Moderated

Apr 23, 2013 11:22 AM

How do I temporarily turn off Access Protection via command line or API?

Hey all,

 

I have done a bit of searching and found a number of threads but no real answer to this question.

 

Is there a way to temporarily disable (and afterwards re-enable) Access protection via a command line or using an API? I am thinking about developing an app for work that will check for updates for a number of programs and update them if new versions are found (but if I can't disable McAfee then this entire project would be useless). With the way that our VirusScan Enterprise 8.8 is set up through ePo pretty much nothing can be run without disabling AP. Currently, to disable AP, I need to unlock the UI with a password and then disable AP. I am trying to find a way to automate this whether by command line or API.

 

Any advice anyone has would be helpful.

 

Thanks!

  • rmetzger Champion 566 posts since
    Jan 4, 2005

    Hi,

     

    Welcome to the forums.

     

    I know of several hacks that would work for you, however, discussing such techniques on this public forum I am sure is against TOS of McAfee. These techniques could be used by others to disable the protective services you fighting. Disabling AP is suppose to be difficult, by design. And I for one, would like to keep it that way.

     

    Further, I would not wish other, potential malware writers, to gather these techniques for their nafarious use. Once these techniques are public, McAfee would have to lock them down, thus rendering that technique useless to you.

     

    My suggestion would be to contact your McAfee Support Rep and discuss your needs directly.

     

    Good luck and have fun.

    Ron Metzger

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009

    Hi,

     

    I'm wondering if sending down exclusions to the respective AP rules thorugh ePO is a viable way to you - considering that you are developing an app that in turn runs updates of other apps, so you might have time to finetune this. I would assume that the processes performing the actual updates do not change very often or their number stays below acceptable limits or they can even be specified using joker characters.

     

    Just wondering...

     

    Attila

  • rmetzger Champion 566 posts since
    Jan 4, 2005

    Your Welcome!

     

    Good luck.

    Ron Metzger

  • dcobes The Place at McAfee Member 38 posts since
    Nov 1, 2012

    I know this is a bit old, but thought I'd chime in before this was archived.

     

    I have a handful of advanced developers who that yell at my mcafee team for this exact item (with the exception they want OnAccess Scanner to be disabled). What we've done is setup a Policy Assignment (epo 4.6 or higher) which is auto-assigned based on machine name (you can be more selective and choose user). I then tagged my developer systems who requested OnAccess Scanning be disabled with a tag name of "ADVANCED_VSE_PRIVS".

     

    Via Policy Assignment rules I provide a special McAfee Agent and VSE UI policy that allows those machines to temporarily disable Access Protection until the policy enforcement for the agent starts and re-enforces the OnAccess Scanning. This way if the developer forgor to re-enable it, its comes back. I gave them a limit of 20 minutes. This has worked perfectly since we've implemented it.

     

    One thing to note, is I do not do this for every developer.

     

    Below is an example of the rule:

    Forum_SS_VSE_Advanced.png

     

    -d

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points