Running VSE 8.8
I know C:\Windows\syswow64\MsiExec.exe is a safe file, but it tries to stop a variety of McAfee services quite often when installing a variety of different applications. Can I just exempt it from "Common Standard Protection:Prevent termination of McAfee processes" because it does tend to fill the log with attempts to stop a variety of McAfee services. OR would this not be a wise thing to do because someone might be using the Windows installer to install a malicious program designed to kill McAfee and take over the PC?
Maybe I can just create a job to dump the msiexec log entries so it doesn't fill up my database.What do you think?
I concur, it would not be wise to exclude msiexec.exe from that particular rule.
If you're getting a lot of violations from it, the cause is likely from installers that enumerate what processes are running - and doing so with an inappropriate privilege level, i.e. they include in their AccessMask the TERMINATE privilege. That is what our code looks for.