0 Replies Latest reply on Apr 6, 2016 5:07 PM by eobiont

    Access Protection Default Rules question

    eobiont

      Working with McAfee EPO 5.3 and VirusScan 8.8 patch 7

       

      I am cleaning up my default Access Protection rules. Usually, when I do this, I make a copy of McAfee Default and then pick through it to add back in my own exclusions from the rule I am cleaning up. As I am doing this, I am noticing some changes I have a question about.

      For example, I am looking at this specific rule: Workstations: Common Standard Protection:Prevent modification of McAfee files and settings

       

      My own current policy has exclusions like this (duplicated from the default previously, I think):

      **\Common Files\McAfee\SystemCore\csscan.exe


      The current McAfee Default rule looks like:

      \:::csscan.exe


      I am not sure if my own rules are more current or if these differently formatted rules in DEFAULT are newer.

      There are a few excluded McAfee processes in my rules that are not in the default exclusions and I wonder if I should remove them or if I added them due to KB articles over time or something...


      In my exclusions, not in McAfee Default exclusions...

      mfevtps.exe  -- think this is new ACC core process...

      **\Common Files\McAfee\DATReputation\mcdatrep.exe   --- think this is part of DAT Reputation...

      cleanmgr.exe -- not sure if this is a McAfee process or not


      So, not sure if MY rules are newer or if DEFAULT rules are newer.