http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspxHi folks, my name is Vinayak Sharma and I would like to share some information regarding McAfee Access protection rule and ccmexec.exe behavior. I have read a few McAfee articles where people were complaining about ccmexec.exe and why it triggers theen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspx#3549761Fri, 01 Feb 2013 07:12:03 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3549761Pranay Bhagat (MCP,MCTS,MCITP)<p>Hi Vinayak,</p> <p>Does excluding ccmexec.exe from access protection works with SCCM 2012 too.</p> <p>As i have upgraded my SCCM 2012 site to SCCM 2012 SP1 &amp; McAfee was installed on the server because of which i was not able to update the boot image.</p> <p>Please suggest.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3549761" width="1" height="1">http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspx#3524785Mon, 08 Oct 2012 18:48:46 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3524785saranrajappa<p>Hi,</p> <p>Thank you for sharing.</p> <p>I am looking at AccessProtectionLog.txt in Windows 7 SP1 with McAfee 8.8 client and the error is not there.</p> <p>Is it something resolved?</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3524785" width="1" height="1">http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspx#3464725Fri, 11 Nov 2011 16:43:33 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3464725Chad A<p>Great article, too bad you didn&#39;t include the Data column in ProcMon that shows what rights were requested when the file handle was opened. ccmexec.exe has a nasty habit of opening all files with Full Rights just to read file properties. If Microsoft would follow their own coding best practices and open the file with only the required permissions to perform the QueryBasicFileInformation action, McAfee wouldn&#39;t care. The same thing happens with the &quot;Hardware Inventory&quot; that collects which EXEs/DLLs are saved to disk. &nbsp;If you have any tools (not just McAfee) configured to block execute file system access to known-bad file names, ccmexec.exe will never inventory those files.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3464725" width="1" height="1">http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspx#3462628Tue, 01 Nov 2011 16:56:49 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3462628G Hari<p>Great work bro, you have provided a valuable info. &nbsp;Keep it up!!!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3462628" width="1" height="1">http://blogs.technet.com/b/configurationmgr/archive/2011/10/31/information-regarding-mcafee-access-protection-rule-and-configmgr-2007-ccmexec-exe-behavior.aspx#3462537Tue, 01 Nov 2011 03:59:00 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3462537Jugal Piplani<p>Good work vinayank. It is good article in terms of the content and topic and really helpful in troubkeshooting. You should put some tags so that it should be easliy searchable.</p> <p>and Keep working.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3462537" width="1" height="1">