The following workaround is optional; only use it temporarily to mitigate the impact of the issue until the VSE fix can be applied.
This workaround prevents scanning on read file activity from
c:\windows\system32\csrss.exe.
IMPORTANT: Before you perform this workaround, carefully assess the risk in your environment because this setting can lower your security posture. McAfee recommends that you remove this workaround after you apply the VSE fix.
To prevent scanning on read file activity from csrss.exe in ePO:
- In the On-Access Default Processes Policies VSE policy, select Configure different scanning policies for high-risk, low-risk, and default processes.
- Modify the On-Access Low-Risk Processes Policies policy to include csrss.exe and to not scan when reading from disk.
- Apply this policy.
NOTE: Only apply this policy to systems running affected Windows operating systems.
To prevent scanning on read file activity from csrss.exe locally:
- From the VirusScan console, open On-Access Scanner settings.
- Select All Processes. But, if the option is named Default Processes go to step 4.
- Select Configure different scanning policies and click Apply.
- Select Low-Risk processes.
- Add csrss.exe.
- Click the Scan Items tab.
- Deselect When reading from disk.
- Click Apply.