01-11-2005 08:26 AM - edited 03-10-2019 01:13 AM
I am trying to allow the McAfee agent to run on Windows PCs without popping up CSA warnings. I ran through the Wizard to allow this exception, but it doesn't seem to be working correctly. Is there something I am missing?
01-11-2005 12:25 PM
Was this trojan detection? You may want to create an exception for the folder and all .exe's instead of trying to do individual .exe's. I made one just for mcscript_inuse.exe downloading and executing and it seems to work ok.
01-11-2005 03:32 PM
Yes, it was a trojan detection. How do I add the exception for the whole C:\Program Files\Network Associates\Common Framework\ folder?
01-11-2005 05:08 PM
Before you do that, confirm that the following is true:
The wizard created an application class called "McScript_InUse.exe" if you accepted the defaults.
Make sure it's in the trojan detection rule under "Downloading and invoking executable files".
That should have been all you needed to do.
If it's in a group exception, try adding it to the main TD rule instead.
If this is true and you still have errors with that executable, there may be something else going on.
If there are other executables causing the alerts, then a folder or file set exception may work better. You want to be careful with those because it could allow a bad executable to run in the directory.
Tom
03-04-2005 06:39 AM
I am having the exact same problem. Did the folder/file set exception work for you?
03-08-2005 12:55 PM
I struggled with this one too. In this scenario the wizard just flat out doesn't work. What I ended up doing was changing the process in the application class to read:
**\Program Files\Network Associates\Common Framework\*
Once this was applied as an exception to the TD rule (Downloading and invoking executable files) all was fine.
03-23-2005 11:49 PM
Hi,
I tried adding Virus Scanner Module to TD exception first. After that I gave Application Class McScript_inUse.exe full file access (read&write) and application start control to all files belonging to **\Program Files\EPO\**\* and **\Program Files\Network Associates\**\*.
With logging triggered for these rules I checked that I get hit counts on them, but I am still getting alerts on the TD exception for downloading and invoking files.
Regards,
Arne
03-24-2005 03:07 AM
Cisco has a Word Doc that tells exactly how to get around this problem. If you send me an email, I will forward this doc to you. cisco1.10.ccie7965@spamgourmet.com
04-04-2005 07:45 AM
My email address is already listed in the post.
04-04-2005 09:02 AM
If the document is freely available on this web site, please share the link with the rest of us.
Thanks
Tom