2 Replies Latest reply on Apr 25, 2016 4:34 PM by mcvoodoo

    Upgrade to VSE 8.8 Patch 7 Results in NAPRDMGR.EXE Access Protection Log Entries

    mcvoodoo

      Hi,

       

      I'm in the process of testing VSE 8.8 patch 7 (moving from patch 5) and I've noticed that since the upgrade my test machines are reporting the following entries in the access protection log:

       

      23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEC:\ProgramData\McAfee\datreputation\Logs\datreputation.txtMcAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Create
      23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEC:\ProgramData\McAfee\datreputation\Logs\notices.txtMcAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Create
      23/03/201608:29:16Blocked by Access Protection ruleNT AUTHORITY\SYSTEMC:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXEHKLM\SOFTWARE\WOW6432NODE\MCAFEE\DATREPUTATION\McAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settingsAction blocked : Write

       

      At first I thought this might be due to the fact I was running an old DAT reputation extension, but upgrading to the latest one available (1.0.2.129) but upgrading to this hasn't cleared the issue. I believe I'm running the latest extension for VSE (8.8.0.448) too.  For information, the test machines are running McAfee Agent 4.8.0.1500.

       

      I did read an article saying that if you've altered the Access Protection rule policy then the policy would not pick up the latest exclusions detailed in products extensions, but the entries still appear when i revert back to "McAfee Default" which I do expect to be updated.

       

      The workstations don't seem to be suffering any ill effects as a result.  I could add manual exclusions but I'd really like to understand why a McAfee process is being blocked from writing to a McAfee file.

       

      Anyone else seeing this issue?  Any ideas why it might be happening?

       

      Thanks

       

      MVC