286 Views 1 Reply Latest reply: Nov 11, 2013 10:56 AM by wwarren
awbattelle Apprentice 65 posts since
Jan 20, 2012

Nov 7, 2013 5:10 PM

Should I exclude MSIEXEC From Access Protection?

Running VSE 8.8

I know C:\Windows\syswow64\MsiExec.exe is a safe file, but it tries to stop a variety of McAfee services quite often when installing a variety of different applications. Can I just exempt it from "Common Standard Protection:Prevent termination of McAfee processes", because it does tend to fill the log with attempts to stop a variety of McAfee services? Or would this not be a wise thing to do because someone might be using the Windows installer to install a malicious program designed to kill McAfee and take over the PC?

Maybe I can just create a job to dump the msiexec log entries so it doesn't fill up my database. What do you think?

  • wwarren McAfee SME 778 posts since
    Nov 3, 2009
    1. Nov 11, 2013 10:56 AM (in response to awbattelle)
    Re: Should I exclude MSIEXEC From Access Protection?

    I concur, it would not be wise to exclude msiexec.exe from that particular rule.

     

    If you're getting a lot of violations from it, the cause is likely from installers that enumerate what processes are running - and doing so with an inappropriate privilege level, i.e. they include in their AccessMask the TERMINATE privilege. That is what our code looks for.
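Added example, not part of wwarren's reply and not McAfee's code: a small model of the check described above, showing which requested process access masks include the terminate right and so would be logged even when the caller only wants to enumerate processes. The right values are the standard Windows SDK constants; the sample requests and function names are constructed for illustration.

```python
# Model of an "access mask includes TERMINATE" check (illustrative only).
# Process access rights, values as defined in the Windows SDK (winnt.h).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00100000: "SYNCHRONIZE",
}
PROCESS_TERMINATE = 0x0001
PROCESS_ALL_ACCESS = 0x1FFFFF  # Vista and later; older SDKs used 0x1F0FFF
GENERIC_ALL = 0x10000000       # generic right that maps to all access

def expand(mask):
    """Resolve GENERIC_ALL to the process-specific rights it grants."""
    if mask & GENERIC_ALL:
        mask = (mask & ~GENERIC_ALL) | PROCESS_ALL_ACCESS
    return mask

def decode(mask):
    """Names of the known rights present in a requested mask."""
    mask = expand(mask)
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def trips_terminate_rule(mask):
    """True when the request carries the terminate right, whatever the intent."""
    return bool(expand(mask) & PROCESS_TERMINATE)

# Constructed sample: handle requests an installer might make while enumerating.
SAMPLE_REQUESTS = [
    ("query only", 0x1000),
    ("query + read memory", 0x0410),
    ("PROCESS_ALL_ACCESS", PROCESS_ALL_ACCESS),
    ("legacy all access", 0x1F0FFF),
    ("GENERIC_ALL", GENERIC_ALL),
]

def triage(requests):
    """Map each labelled request to whether it would be flagged."""
    return {label: trips_terminate_rule(mask) for label, mask in requests}

if __name__ == "__main__":
    for label, mask in SAMPLE_REQUESTS:
        verdict = "would be logged" if trips_terminate_rule(mask) else "not flagged"
        print(f"{label:20} 0x{mask:08X} {verdict:16} {', '.join(decode(mask))}")
```

The query-only masks pass while every "all access" variant is flagged, which matches the log noise from installers that open each process with more rights than enumeration needs.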
