Yes, there is an additional protection mechanism in place to prevent folks (and malware, since there's no way to distinguish the two) from messing with the ACLs .
Thanks for confirming WWarren - are you aware of whether this applies to mfefire as well as mfevtp? If it applies to mfefire, is there any reason it doesnt also apply to enterceptagent? And lastly, is there any way around this if a business requirement dictates the need (either with or without further McAfee assistance and an NDA! :-D)
I'm not aware of it extending to mfefire, but, someone from HIP team could confirm (I'm guessing there's a HIP forum). It would be perfectly reasonable to assume it benefits from the same protection.
in the same air of the question regarding enterceptAgent, why not also VirusScan's other processes like McShield and even the McAfee Agent... well, I assume because we wanted to protect with extra security only those components we feel are most critical - the others are already protected sufficiently to thwart malicious intent.
Yes, there is a way around it. It's not something that has been asked before so I would suggest working with an Account Manager to make the business requirement known and see what folks need on our side to consider allowing it.
Speed of responses appreciated! I will start a new discussion in the HIPS forum for mfefire. I thought that would be the answer regarding the way around it - I will communicate to the account :-)
Thanks once again,