After you disable Access Protection through policy in ePolicy Orchestrator (ePO) and the policy is enforced on the client, the Endpoint Security (ENS) console still shows Access Protection as enabled. This incorrect status is then reported back to ePO.
This issue is cosmetic. When the policy is enforced, Access Protection is successfully disabled on the client.
To verify that Access Protection has successfully been disabled, check ap.xml at:
C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform
or
C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform
- If Access Protection is enabled, you see the following:
    <Modules>
      <Module id="AM">
        <Name>IDS_BLADE_NAME_SPB</Name>
        <ContentFile>C:\Program Files\McAfee\Endpoint Security\Threat Prevention\TP_AccessProtection.rul</ContentFile>
        <ContentVersion>10.1.0.0000</ContentVersion>
        <ContentDate>2015-09-22T11:11:11Z</ContentDate>
        <ContentNotes />
        <Enable>true</Enable>
- If Access Protection is disabled, you see the following:
    <Modules>
      <Module id="AM">
        <Name>IDS_BLADE_NAME_SPB</Name>
        <ContentFile>c:\Program Files\McAfee\Endpoint Security\Threat Prevention\TP_AccessProtection.rul</ContentFile>
        <ContentVersion>10.5.0</ContentVersion>
        <ContentDate>2015-09-22T11:11:11Z</ContentDate>
        <ContentNotes/>
        <Enable>false</Enable>
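
The manual check above can be scripted so the real state is read from ap.xml rather than from the console or ePO. The following PowerShell is an added example, not vendor code; the function name Get-AccessProtectionState is hypothetical, and it assumes the complete ap.xml is well-formed XML in which the Module element with id="AM" has the Enable child shown in the excerpts.

```powershell
# Added example (not vendor code): report the Access Protection state recorded in ap.xml.
# The two folders are the locations named in the article; ap.xml is the file it says to check.
$candidates = @(
    'C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\ap.xml',
    'C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ap.xml'
)

# Hypothetical helper name. Emits one object per ap.xml found.
function Get-AccessProtectionState {
    param([string[]]$Path)

    foreach ($file in $Path) {
        # Only one of the two folders normally exists; skip the missing one.
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }

        $doc = New-Object System.Xml.XmlDocument
        try {
            $doc.Load($file)
        } catch {
            # Malformed XML or access denied: report it instead of guessing a state.
            [pscustomobject]@{ File = $file; State = 'Unreadable'; Detail = $_.Exception.Message }
            continue
        }

        # local-name() keeps the query working whether or not the file declares a namespace.
        $xpath = "//*[local-name()='Module' and @id='AM']/*[local-name()='Enable']"
        $node  = $doc.SelectSingleNode($xpath)

        if ($null -eq $node) {
            $state = 'NotFound'; $raw = $null
        } else {
            $raw = $node.InnerText.Trim()
            $state = if ($raw -ieq 'true') { 'Enabled' }
                     elseif ($raw -ieq 'false') { 'Disabled' }
                     else { 'Unknown' }
        }
        [pscustomobject]@{ File = $file; State = $state; Detail = $raw }
    }
}

$result = @(Get-AccessProtectionState -Path $candidates)
if ($result.Count -eq 0) {
    Write-Warning 'ap.xml was not found in either Endpoint Security Platform folder.'
} else {
    $result | Format-Table -AutoSize -Wrap
}
```

A State of Disabled on a client whose ENS console still shows Access Protection as enabled matches the cosmetic issue described above.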