https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370594#M97374 <HTML><HEAD></HEAD><BODY><P>Cisco has a Word Doc that tells exactly how to get around this problem. If you send me an email, I will forward this doc to you. <A href="mailto:cisco1.10.ccie7965@spamgourmet.com">cisco1.10.ccie7965@spamgourmet.com</A></P></BODY></HTML> Thu, 24 Mar 2005 11:07:55 GMT gclevenger 2005-03-24T11:07:55Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370587#M97359 <P>I am trying to allow the McAfee agent to run on Windows PCs without popping up CSA warnings. I ran through the Wizard to allow this exception, but it doesn't seem to be working correctly. Is there something I am missing?</P> Sun, 10 Mar 2019 09:13:49 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370587#M97359 andy 2019-03-10T09:13:49Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370588#M97362 <HTML><HEAD></HEAD><BODY><P>Was this trojan detection? You may want to create an exception for the folder and all .exe's instead of trying to do individual .exe's. I made one just for mcscript_inuse.exe downloading and executing and it seems to work ok.</P></BODY></HTML> Tue, 11 Jan 2005 20:25:44 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370588#M97362 tsteger1 2005-01-11T20:25:44Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370589#M97365 <HTML><HEAD></HEAD><BODY><P>Yes, it was a trojan detection. How do I add the exception for the whole C:\Program Files\Network Associates\Common Framework\ folder? </P></BODY></HTML> Tue, 11 Jan 2005 23:32:14 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370589#M97365 andy 2005-01-11T23:32:14Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370590#M97367 <HTML><HEAD></HEAD><BODY><P>Before you do that, confirm that the following is true:</P><P></P><P>The wizard created an application class called "McScript_InUse.exe" if you accepted the defaults. </P><P></P><P>Make sure it's in the trojan detection rule under "Downloading and invoking executable files"</P><P></P><P>That should have been all you needed to do. </P><P></P><P>If it's in a group exception, try adding it to the main TD rule instead.</P><P></P><P>If this is true and you still have errors with that executable there may be something else going on.</P><P></P><P>If there are other executables causing the alerts, then a folder or file set exception may work better. You want to be careful with those because it could allow a bad executable to run in the directory.</P><P></P><P>Tom</P></BODY></HTML> Wed, 12 Jan 2005 01:08:02 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370590#M97367 tsteger1 2005-01-12T01:08:02Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370591#M97368 <HTML><HEAD></HEAD><BODY><P>I am having the exact same problem. Did the folder/file set exeption work for you?</P></BODY></HTML> Fri, 04 Mar 2005 14:39:15 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370591#M97368 gclevenger 2005-03-04T14:39:15Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370592#M97370 <HTML><HEAD></HEAD><BODY><P>I struggled with this one too. In this scenario the wizard just flat out doesn't work. What I ended up doing was changing the process in the application class to read:</P><P></P><P> **\Program Files\Network Associates\Common Framework\*</P><P></P><P>Once this was applied as an exception to the TD rule (Downloading and invoking executable files) all was fine.</P></BODY></HTML> Tue, 08 Mar 2005 20:55:18 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370592#M97370 jarvoy 2005-03-08T20:55:18Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370593#M97372 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I tried adding Virus Scanner Module to TD exception first. After that I gave Application Class McScript_inUse.exe full file access (read&amp;write) and application start control to all files belonging to **\Program Files\EPO\**\* and **\Program Files\Network Associates\**\*.</P><P></P><P>With triggering logging for these rules I checked that I get hit counts on them, but still getting alerts an the TD exception for downloading and invoking files.</P><P></P><P></P><P>Regards,</P><P>Arne</P><P></P></BODY></HTML> Thu, 24 Mar 2005 07:49:12 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370593#M97372 aduerr 2005-03-24T07:49:12Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370594#M97374 <HTML><HEAD></HEAD><BODY><P>Cisco has a Word Doc that tells exactly how to get around this problem. If you send me an email, I will forward this doc to you. <A href="mailto:cisco1.10.ccie7965@spamgourmet.com">cisco1.10.ccie7965@spamgourmet.com</A></P></BODY></HTML> Thu, 24 Mar 2005 11:07:55 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370594#M97374 gclevenger 2005-03-24T11:07:55Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370595#M97375 <HTML><HEAD></HEAD><BODY><P>My email address is already listed in the post.</P></BODY></HTML> Mon, 04 Apr 2005 14:45:17 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370595#M97375 andy 2005-04-04T14:45:17Z https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370596#M97377 <HTML><HEAD></HEAD><BODY><P>If the document is freely available on this web site, please share the link with the rest of us.</P><P></P><P>Thanks</P><P></P><P>Tom</P></BODY></HTML> Mon, 04 Apr 2005 16:02:32 GMT https://community.cisco.com/t5/network-security/csa-and-mcscript-inuse-exe/m-p/370596#M97377 tsteger1 2005-04-04T16:02:32Z