McAfee processes establish a trusted relationship with VSE to avoid violating the Access Protection rules. The trust relationship can be lost when core components are upgraded. This design makes it necessary to have process exclusions in place for certain Access Protection rules as a backup or safeguard to avoid unintentionally getting blocked by Access Protection.
When you modify a default Access Protection rule, the default rule is overwritten by the modified policy. In this scenario, you must manually add any vital processes to exclude, otherwise they get updated by the McAfee product patches.
For example, McAfee Agent 5.x introduces new process names (MASvc.exe, MACmnSvc.exe, MACompatSvc.exe). If the processes are not defined as excluded processes in the appropriate Access Protection rules, VSE prevents McAfee Agent from performing critical tasks unless the blocked services are rebooted or restarted.
Another example is where McAfee Agent 5.x and VSE (Patch 5, 6, or 7) is installed, and a newer build of SysCore 15.3+ is added to the system (such as from another McAfee product).
The trust relationship that the McAfee Agent had, is lost until a reboot or restart of services occurs. When the trust relationship is lost, VSE's Access Protection blocks the McAfee Agent processes until a reboot is performed, unless the new McAfee Agent 5.x processes have been excluded before the SysCore upgrade.
