Loading...

Knowledge Center

Adding a process to exclude under Access Protection has no effect when the rule includes only System:Remote
Technical Articles ID:   KB68560
Last Modified:  2/22/2017
Rated:

Environment

McAfee VirusScan Enterprise (VSE) 8.x

For details of VSE 8.x supported environments, see KB51111.

Problem

Specifying a Process to Exclude (for example, psexec.exe or sms.exe) in any Access Protection rule that specifies only the Process to Include of System:Remote, does not take effect.

Problem

Adding any process to the Process to Exclude field of the Access Protection rule Anti-virus Standard Protection:Prevent remote creation/modification of executable and configuration files has no effect.

Cause

No information about which process is performing I/O (Input/Output) makes it across the network. The process performing the action on the client system is System:Remote. Because the only process included in the rule is System:Remote, the only process that can be excluded would also be System:Remote, effectively disabling the rule.

Solution

Disable the Access Protection rule that is using System:Remote as the Process to Include. There is no way to add a specific process to be excluded when the access is performed across the network.
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Double-click Access Protection and select Anti-virus Standard Protection.
  3. Select the appropriate Access Protection rule.
     
    Example:

    Prevent remote creation/modification of executable and configuration files
     
  4. Deselect Block and Report for that rule, and click OK.
  5. Exit the VirusScan Console.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Affected Products


VirusScan Enterprise 8.8

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.