0 Replies Latest reply on Feb 10, 2016 6:49 AM by fabiansz

    Access Protection - Excluding McAfee/Intel signed processes

    fabiansz

      Hi everyone

       

      Check out the following:

       

      White Paper Page 5 (wp-understanding-ep-security-10-module.pdf)

      In addition, AP now proactively excludes all McAfee/Intel Security-signed processes from being

      subject to access controls. McAfee VirusScan Enterprise 8.8 does not support this capability.

       

      I have several (4) ePO 5.3 Servers running for testing purposes. On only ONE of them I discovered the settings mentioned above. I first thought they came from a migrated VSE policy, but I can NOT re-produce the whole thing by migrating the policies again.

      Even if I open up the "McAfee Default" or the "My Default" Policies, there is no exclusion visible, targeting the "McAfee signed processes". Neither of all 4 servers have it in their default policies.

       

      So I'm wondering where did the "McAfee signed processes" exclusion come from, which I got in just one policy but not within the defaults? The White Paper tells me that's a feature, so I expect them within the defaults.

      Additionally there are a lot of "rules" beginning with "IDS_AP_RULE". I don't know where they came from, too. Again, the default policies do not contain them.

       

      Anyone knows the secret?

       

      Regards

      Fabian