SiteAdvisor Enterprise can be uninstalled via the command line even when the hardening policy for files/folders is enabled
Technical Articles ID:
KB82448
Last Modified: 4/6/2017
Last Modified: 4/6/2017
SiteAdvisor Enterprise can be uninstalled via the command line even when the hardening policy for files/folders is enabled
Technical Articles ID:
KB82448
Last Modified: 4/6/2017 EnvironmentMcAfee SiteAdvisor Enterprise (SAE) 3.5
For details of Site Advisor Enterprise supported environments, see KB51244. ProblemSAE can be uninstalled using the msiexec.exe command line method, even when the hardening policy for files/folders is enabled, when the user disables the hardening service.
CauseFiles and folder protection/registry protection is dependent on Access Protection (AP). Because AP is done using AP rules, the SAE uninstaller is excluded from these rules. However, service hardening does not use AP rules; having the hardening for services disabled allows the command line uninstall to complete because it is excluded from AP rules that protect files/folders.
SolutionThis issue was resolved in McAfee Endpoint Security (ENS) 10.1 (and later), which includes SAE as a component. This issue will not be resolved in stand-alone SAE 3.5.
Technical Support recommends upgrading to ENS 10.1 (or later) if this functionality is required in your environment. WorkaroundEnsure that the ePolicy Orchestrator administrator has the self-protection hardening policy Services enabled, to ensure that a user cannot perform command line uninstall to remove SAE.
To enable the SAE hardening policy for Services, see the "Hardening Policy for SiteAdvisor Enterprise" section of the SAE 3.5 Product Guide (PD23522). Related InformationHardening policy:
Affected ProductsGlossary of Technical Terms |
|