The below is a copy(ish) of https://community.mcafee.com/message/298495, relating to the mfevtp service (VSE), however the same issue is seen for mfefire, so I have copied across to this forum also:
I have a group of techies I am working with who have a requirement to amend the system ACLs on services running on internal servers. We are running VSE8.8 and HIPS8.0. With VSE Access protection disabled and both HIPS and Firewall services disabled (although note that we get the same result with HIPS IPS enabled), we can successfully change the SACLs on the following services:
we get access denied errors when attempting to change the SACLs for the following, however:
I note that in services.msc, when right clicking the mfefire service, the options to stop and start are greyed out, even with VSE access protection disabled. Why would this be different to enterceptagent, and what is protecting the service?
The above community post confirms that there is an additional protection mechanism for mfevtp - does the same hold for mfefire?