1 Reply Latest reply: Nov 11, 2013 10:56 AM by wwarren RSS

    Should I exclude MSIEXEC From Access Protection?


      Running VSE 8.8

      I know C:\Windows\syswow64\MsiExec.exe is a safe file, but it tries to stop a variety of McAfee services quite often when installing a variety of different applications. Can I just exempt it from "Common Standard Protection:Prevent termination of McAfee processes" because it does tend to fill the log with attempts to stop a variety of McAfee services. OR would this not be a wise thing to do because someone might be using the Windows installer to install a malicious program designed to kill McAfee and take over the PC?

      Maybe I can just create a job to dump the msiexec log entries so it doesn't fill up my database.What do you think?

        • 1. Re: Should I exclude MSIEXEC From Access Protection?

          I concur, it would not be wise to exclude msiexec.exe from that particular rule.


          If you're getting a lot of violations from it, the cause is likely from installers that enumerate what processes are running - and doing so with an inappropriate privilege level, i.e. they include in their AccessMask the TERMINATE privilege. That is what our code looks for.