9 Replies Latest reply on Jun 7, 2013 5:47 AM by RyanG

    Access Protection Rules Run at Installation though Disabled

    RyanG

      I'm hoping someone here can help me out, because I'm at a loss for what is going on.

      I've got a custom unmanaged installation of McAfee 8.7i Patch 5 (w/McAfee Agent 4.8.0.641) with Buffer Overflow not installed and Access Protection set as disabled. Nonetheless, a number of Access Protection rules run at installation on Windows 7 x64. Even on the off chance that it was running, the Common Maximum Protection:Prevent programs registering as a service rule is set to Report only and Common Standard Protection:Protect Mozilla & FireFox files and settings is set for neither Block nor Report as no one uses it.

      Any help would be greatly appreciated!

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\system32\services.exe    \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\mfeavfk\Security    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:58 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\BootTime\Filter    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:38:59 AM    Blocked by Access Protection rule     NT AUTHORITY\LOCAL SERVICE    C:\Windows\system32\svchost.exe    \REGISTRY\MACHINE\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create

      6/3/2013    11:39:02 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\syswow64\MsiExec.exe    C:\Program Files\Mozilla Firefox\components\Scriptff.dll    Common Standard Protection:Protect Mozilla & FireFox files and settings    Action blocked : Create

      6/3/2013    11:39:02 AM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\system32\services.exe    \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\McTaskManager\Security    Common Maximum Protection:Prevent programs registering as a service    Action blocked : Create