Author: securcan-admin
Application Control: batch file blocked, the process name is “sychost.exe”
Problem: We added these batch files to the binary list, but the Solidcore process blocks them. The process name is “sychost.exe”.
Scenario: When the user logs on to their machine, cbs scripts are automatically run from the DC server. We added these batch files to the binary list, but the Solidcore process blocks them.
How to write a custom rule in McAfee HIPS
To create a custom rule to prevent file operations (Create, Write, Execute, Read, etc.):
Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. If you wish to wildcard the path, begin the filename with **\ or ?:\ if you wish to wildcard the drive letter (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter: path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
VSE On-Access and Access Protection are always disabled
Problem:
The On-Access and Access Protection modules are always disabled, and the McAfee McShield and McAfee Validation Trust Protection services are stopped and can’t be started.
McAfee DLP Install Standalone and with policy
How to install McAfee Data Loss Prevention on a standalone system with no connection to the ePO server
Follow these instructions:
McAfee DLP- Drivers Installation Failed
Problem:
DLP Endpoint Status Driver installation failed
McAfee Data Loss Prevention 9.4.x
McAfee Drive Encryption Fatal Error 0XEE020006
Replication to SuperAgent Distributed Repository Fails
Problem:
Replication to SuperAgent Distributed Repository fails – error code 5 (Access is Denied)
McAfee Agent 5.x
Solution 1:
- Deselect self protection on the SuperAgent from the ePO server in the General policy
- Log in to the system that is the SuperAgent
- Open the repository folder; in the folder there is a file named sitestat.xml
- Stop all McAfee Agent services (McAfee Agent Service, McAfee Agent Common Services, McAfee Agent Backwards Compatibility)
- After you stop the services, you will see that the file “sitestat.xml” has disappeared (if not, delete it)
- Start the services
Now try to replicate the super agent repository.
Solution 2:
When “Accept connections only from the ePO server” is selected in the General policy, replication from the SuperAgent might fail in a clustered ePolicy Orchestrator environment.
- Deselect “Accept connections only from the ePO server” in the General policy, then perform agent-to-server communication and replicate the SuperAgent
McAfee ePolicy Orchestrator: change the time zone
Hello Friends,
Change the time zone in McAfee ePolicy Orchestrator so that tasks are shown running at the correct time.
One of the following parameters must be added to the registry under HKLM\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\MCAFEETOMCATSRV250\Parameters\Java\Options. The problem is solved after entering one of the parameters.
-Duser.timezone=Asia/Kuwait
-Duser.timezone=Asia/Baghdad
-Duser.timezone="GMT+3"
After adding the parameter, the following services need to be restarted, stopping them in order:
McAfee ePolicy Orchestrator Application Server
McAfee ePolicy Orchestrator Event Parser
McAfee ePolicy Orchestrator Server
If your Windows server is running on Eger servers, you can check the connection times on ePO and apply the corresponding solution.
You can see the screen display related to the parameter below.
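The registry change and service restart described above can be scripted. The following PowerShell is an added example, not part of the original post. It assumes that `Options` is a multi-string (REG_MULTI_SZ) value under the `...\Parameters\Java` key, that the services are started again in the same order they were stopped, and that a backup file in `%TEMP%` is acceptable.

```powershell
# Added example: set the ePO Tomcat JVM time zone, then restart the ePO services.
# Run in an elevated PowerShell session on the ePO server.
$ErrorActionPreference = 'Stop'

# Key path taken from the post; "Options" as the value name is an assumption.
$key = 'HKLM:\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\MCAFEETOMCATSRV250\Parameters\Java'
$tz  = '-Duser.timezone=Asia/Kuwait'   # one of the parameters listed in the post

# Service display names from the post, in the order listed there.
$services = @(
    'McAfee ePolicy Orchestrator Application Server',
    'McAfee ePolicy Orchestrator Event Parser',
    'McAfee ePolicy Orchestrator Server'
)

# Read the current JVM options (one option per string).
$current = @((Get-ItemProperty -Path $key -Name Options).Options)

# Save a copy first so the change can be rolled back by hand.
$backup = Join-Path $env:TEMP ('epo-java-options-{0:yyyyMMddHHmmss}.txt' -f (Get-Date))
$current | Set-Content -Path $backup -Encoding UTF8

# Remove any existing user.timezone entry so only one is ever present,
# then append the new one. Empty strings are dropped.
$updated = @($current | Where-Object { $_ -and $_ -notmatch '^-Duser\.timezone=' }) + $tz

if (($updated -join "`n") -eq ($current -join "`n")) {
    Write-Output "Time zone option already set; nothing to do."
}
else {
    Set-ItemProperty -Path $key -Name Options -Value ([string[]]$updated) -Type MultiString

    # Stop in the listed order, then start again (start order is an assumption).
    foreach ($name in $services) { Stop-Service  -DisplayName $name -Force }
    foreach ($name in $services) { Start-Service -DisplayName $name }

    Write-Output "Options updated (backup: $backup). Current values:"
    (Get-ItemProperty -Path $key -Name Options).Options
}
```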