CSA and McScript_InUse.exe

andy
Level 1

I am trying to allow the McAfee agent to run on Windows PCs without popping up CSA warnings. I ran through the Wizard to allow this exception, but it doesn't seem to be working correctly. Is there something I am missing?

9 Replies

tsteger1
Level 8

Was this a trojan detection? You may want to create an exception for the folder and all .exe's instead of trying to do individual .exe's. I made one just for mcscript_inuse.exe downloading and executing and it seems to work ok.

Yes, it was a trojan detection. How do I add the exception for the whole C:\Program Files\Network Associates\Common Framework\ folder?

Before you do that, confirm that the following is true:

The wizard created an application class called "McScript_InUse.exe" if you accepted the defaults.

Make sure it's in the trojan detection rule under "Downloading and invoking executable files"

That should have been all you needed to do.

If it's in a group exception, try adding it to the main TD rule instead.

If this is true and you still have errors with that executable there may be something else going on.

If there are other executables causing the alerts, then a folder or file set exception may work better. You want to be careful with those because it could allow a bad executable to run in the directory.

Tom

I am having the exact same problem. Did the folder/file set exception work for you?

I struggled with this one too. In this scenario the wizard just flat out doesn't work. What I ended up doing was changing the process in the application class to read:

**\Program Files\Network Associates\Common Framework\*

Once this was applied as an exception to the TD rule (Downloading and invoking executable files) all was fine.

Hi,

I tried adding Virus Scanner Module to TD exception first. After that I gave Application Class McScript_inUse.exe full file access (read&write) and application start control to all files belonging to **\Program Files\EPO\**\* and **\Program Files\Network Associates\**\*.

With triggering logging for these rules I checked that I get hit counts on them, but I am still getting alerts on the TD exception for downloading and invoking files.

Regards,

Arne

Cisco has a Word Doc that tells exactly how to get around this problem. If you send me an email, I will forward this doc to you. cisco1.10.ccie7965@spamgourmet.com

My email address is already listed in the post.

If the document is freely available on this web site, please share the link with the rest of us.

Thanks

Tom
