Adding a process to exclude under Access Protection fails to take effect when the rule contains System:Remote
Technical Articles ID: KB68560
Last Modified: 08/21/2012
Rated:
Last Modified: 08/21/2012
Rated:
Environment
Problem 1
Specifying a Process to Exclude (like psexec.exe, sms.exe, etc) in any Access Protection rule which includes the string system:remote does not take effect.
Problem 2
Adding any process on the Process to Exclude field of the Access Protection rule Anti-virus Standard Protection:Prevent remote creation/modification of executable and configuration files, does not take effect.
Cause
No information about which process is performing I/O (Input/Output) makes it across the network.
Solution
Disable the access protection rule which is using System:Remote. There is no way to add a specific process to be excluded when the access is performed across the network.
Via VirusScan Console:
- Click Start, Programs, McAfee, VirusScan Console.
- Double-clickAccess Protection and select Anti-virus Standard Protection.
- Select the desired access protection rule.
Example:
Prevent remote creation/modification of executable and configuration files
- Deselect Block and Report for that rule and click OK.
- Exit VirusScan Console.
