VirusScan Enterprise Access Protection blocks excluded processes
Technical Articles ID:
KB84900
Last Modified: 6/24/2020
Environment
McAfee VirusScan Enterprise (VSE) 8.8
Problem
Access Protection (AP) blocks an excluded process.
AP rules designed to block execution of processes (where there are processes to exclude defined for that rule) might also block the excluded processes. In other words, the excluded processes are not being properly excluded.
Mitigating factors
Problem
AP does not honor the Processes To Exclude list.
System Change
You installed
Cause
The VSE technology that facilitates AP changes in
This issue occurs because AP rules that block the EXECUTE action continue to block any Processes to Exclude. The translated rule involves a User-mode check and a Kernel-mode check, but only the User-mode check honors the excluded processes list. When the Kernel-mode check occurs, it results in a deny, so the net response of the rule processing is to Block.
Solution
This issue is resolved in VSE 8.8
VSE 8.8 Patch 16 is the latest patch available from the Downloads tab on the ServicePortal at https://support.mcafee.com/downloads.
NOTE: VSE 8.8 Patch 16 supports all supported Windows operating systems.
Workaround
When the affected AP rule is one of the VSE default AP rules that has been enabled, you can do one of the following:
When the affected AP rule is one you have created, you can do one of the following:
Related Information
Of the default AP rules, the following include the Execute action, and would be affected if enabled:
These rules are also affected, but only in the abstract, as you would not add processes to exclude for these rules: