0 Replies Latest reply on Sep 19, 2016 6:13 AM by bretzeli

    ENS 10.2 False/Postive INTERNET EXPLORER\MAIN\DEFAULT_PAGE_URL with Flexprofiles PROFILE software

    bretzeli

      Hello,

       

      Does anybody USE FLEXPROFILE Profile Managment software and sees same error. I tried to gte rif of it with all certain exlusions. Source EXE ist REGEDIT.EXE but run from a parent process

      so we can't track. We have this with two larger Mcafee customers which both have Flexprofiles and German W764BIT OS.

       

      * Windows 7 64BIT Germans OS

      * Internet 11 IEAK Version with all Updates and requested Hotfixes

      * Framework 5.0.4

      * ENS 10.2 Latest Version

      * latest Updates and DAT/CORE

      * Flexprofiles

      * Full redirect of %APPDATA%

       

      Threat Prevention

      ACCESS Protection

      Modifying Internet Explorer settings

      Access Requested:Write, Create
      Target Path:

      HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\DEFAULT_PAGE_URL

      Source File Path:C:\PROGRAM FILES\INTERNET EXPLORER
      Threat Impact:
      Source Port:
      Source Share Name:
      Source Process Hash:2e2c937846a0b8789e5e91739284d17a
      Source Process Signed:Yes
      Source Process Signer:C=US, S=WASHINGTON, L=REDMOND, O=MICROSOFT CORPORATION, OU=MOPR, CN=MICROSOFT WINDOWS
      Source Parent Process Name:
      Source Parent Process Hash:
      Source Parent Process Signed:
      Source Parent Process Signer:
      Source File Path:C:\WINDOWS
      Analyzer Content Version:10.1.0.0000

       

      **\ REGEDIT.EXE, which accessed HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\DEFAULT_PAGE_URL, violating the rule "Modifying Internet Explorer settings". Access was allowed because the rule wasn't configured to block.

       

      Any idea? Any help welcome ;-)