
Service Protection Monitoring with Endpoint Security and Host Intrusion Prevention
Technical Articles ID:   KB78600
Last Modified:  9/6/2017


Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.x
McAfee Host Intrusion Prevention (Host IPS) 8.0
Microsoft Windows 10, 8.1
Microsoft Windows Server 2012 R2

Summary

ENS and Host IPS 8.0 do not provide service monitoring protection for the following services/processes on Windows 8.1, Windows 10, and Windows Server 2012 R2:
  • System.exe
  • Smss.exe
  • Csrss.exe
  • Services.exe
  • MsMpEng.exe
  • Sppsvc.exe
  • Audiodg.exe

NOTE: Microsoft does provide service protection.

Internet Explorer (IE) Protection mode:
  • Microsoft provides protection for IE using IE protection mode. ENS/Host IPS can protect iexplore.exe only when Internet Explorer (IE) protection mode is disabled.

Additionally, ENS/Host IPS do not provide service directive related protection for any additional non-ENS/Host IPS services.

ENS/Host IPS Custom Signature Directives

The following custom signature directives for the Windows class Services are not available on Windows 8.1, Windows 10, and Windows Server 2012 R2:
  • services:delete - Deletes a service
  • services:create - Creates a service
  • services:start - Starts a service
  • services:stop - Stops a service
  • services:pause - Pauses a service
  • services:continue - Continues a service after a pause
  • services:startup - Modifies the startup mode of a service
  • services:profile_enable - Enables a hardware profile
  • services:profile_disable - Disables a hardware profile
  • services:logon - Modifies the logon information of a service
