MCAFEE ENS 10.5.X HIPS Module, Exploit, ExP:Invalid Call how to Exclude single API calls (Solidworks CAD)

by butsch 14. June 2017 21:04

 

You have ENS 10.5.1 on Windows 7 64-bit.

You have Threat Prevention with Exploit Prevention enabled, and all three HIPS severity categories (High, Medium, Low) set to both Report and Block.

You use Solidworks CAD or any other software that triggers ExP:Invalid Call in the HIPS module.

 

This is a general guide from us on how to exclude things from the HIPS module that is integrated in every ENS 10.5.x endpoint client from McAfee.

 

Alerts/events you see from the McAfee HIPS module:

 

 

Description / error you see (original event text is German, translated here):

Endpoint Security

Event category: Host intrusion buffer overflow

Threat severity: Critical

Threat name: ExP:Invalid Call

Threat type: Exploit Prevention

Action taken: Blocked

Analyzer detection method: Exploit Prevention

Module name: Threat Prevention

Analyzer content version: 10.5.0.7691

Analyzer rule ID: 6015

Target signed: Yes

Target parent process name: SVCHOST.EXE

Target name: DLLHOST.EXE

Target path: C:\WINDOWS\SYSWOW64

API name: OpenProcess

Description:

ExP:Invalid Call blocked an exploit attempt on 'C:\WINDOWS\SYSWOW64\DLLHOST.EXE', which was called by the module MWSCRIPTGUI.DLL and carried out an attack on the API OpenProcess.

 

 

Here is the event on the dashboard (screenshots in German and English, not reproduced here).

 

Note down the following from the event above:

  1. Analyzer rule ID: 6015
  2. API name: OpenProcess
  3. Caller module, taken from the description text: MWSCRIPTGUI.DLL

 

Go to your Exploit Prevention policies.

Now check whether the rule is active for both Report and Block.

Enter the analyzer rule ID in the search field and tick all the filter boxes above it (no need to save, this is just to see whether you have the rule active).

 

Here you see that rule 6015 is active in that policy (screenshots in German and English, not reproduced here).

 

Now, further up in the same policy, add an exclusion built from the information noted from the event above: rule ID 6015, API OpenProcess and caller module MWSCRIPTGUI.DLL. Keep the exclusion this narrow; do not exclude the API or the process on its own.

This is what it looks like when done (screenshots in German and English; the German screenshot shows "DL" instead of "DLL", see the English version).

SAVE

SAVE (twice, don't forget: once for the exclusion and once for the policy).

 

Now enforce the new policy on the client (update / wake up the McAfee Agent) and test.

 

Only if this does not work could you turn rule 6015 off completely.

The last (and worst) option is to turn HIPS rule 6015 in ENS off completely. Disabling the signature removes the OpenProcess check for every caller module and every process on the machine, whereas the exclusion above only lets the one CAD module through.
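To make the difference between the two options concrete, here is an added example (not from the original post and not McAfee code). It pulls the values the post says to note (rule ID, API name, caller module) plus the target process out of the event text above, and then runs three events through a small model of the policy: the narrow exclusion versus rule 6015 switched off. The matching logic is a simplified model written for this example, an assumption about how ENS evaluates exclusions rather than a statement of its real engine behaviour; the English field labels and the two extra events are constructed.

```python
# Added example, not from the original post and not McAfee code.
# Parses an ENS Exploit Prevention event and contrasts a narrow exclusion
# (rule + API + caller module + process) with disabling rule 6015 outright.
# The policy evaluation below is a simplified model (assumption), not ENS's
# real engine behaviour.
import re

# Event field labels: German as in the post, English as assumed console wording.
LABELS = {
    "rule_id": ("Analyseprogramm – Regel-ID", "Analyzer rule ID"),
    "api": ("API-Name", "API name"),
    "target": ("Zielname", "Target name"),
}

# The event from the post (German), trimmed to the lines the parser needs.
EVENT_SOLIDWORKS = """\
Name der Bedrohung: ExP:Invalid Call
Analyseprogramm – Regel-ID: 6015
Zielname: DLLHOST.EXE
Zielpfad: C:\\WINDOWS\\SYSWOW64
API-Name: OpenProcess
Beschreibung:
ExP:Invalid Call hat einen Exploit-Versuch auf 'C:\\WINDOWS\\SYSWOW64\\DLLHOST.EXE' Blockiert, der vom Modul MWSCRIPTGUI.DLL abgerufen wurde, wodurch ein Angriff auf die API OpenProcess durchgeführt wurde.
"""

# Constructed event: same rule, API and target, but an unrelated caller module.
EVENT_OTHER_CALLER = EVENT_SOLIDWORKS.replace("MWSCRIPTGUI.DLL", "UNKNOWN.DLL")

# Constructed event: same caller module, but a different API (hypothetical).
EVENT_OTHER_API = EVENT_SOLIDWORKS.replace("OpenProcess", "CreateRemoteThread")


def parse_event(text: str) -> dict:
    """Return rule_id, api, target and caller_module from an ENS ExP event."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue
        label, value = label.strip(), value.strip()
        for key, names in LABELS.items():
            if label in names:
                fields[key] = value
    # The caller module only appears in the free-text description, as the
    # first token ending in .DLL (the target is an .EXE, so it does not match).
    m = re.search(r"\b([\w-]+\.DLL)\b", text, re.I)
    if m:
        fields["caller_module"] = m.group(1).upper()
    return fields


# The exclusion the post builds: every field must match, so only this one
# caller/API/process combination for rule 6015 is let through.
NARROW_EXCLUSION = {
    "rule_id": "6015",
    "api": "OpenProcess",
    "caller_module": "MWSCRIPTGUI.DLL",
    "target": "DLLHOST.EXE",
}


def matches(event: dict, exclusion: dict) -> bool:
    """Every field named in the exclusion must equal the event's value."""
    return all(event.get(k, "").upper() == v.upper() for k, v in exclusion.items())


def verdict(event: dict, exclusions=(), disabled_rules=()) -> str:
    """Model of the policy outcome: disabled rule, then exclusions, else block."""
    if event.get("rule_id") in disabled_rules:
        return "allowed: rule disabled"
    if any(matches(event, x) for x in exclusions):
        return "allowed: exclusion"
    return "blocked"


if __name__ == "__main__":
    for name, text in [("Solidworks", EVENT_SOLIDWORKS),
                       ("other caller", EVENT_OTHER_CALLER),
                       ("other API", EVENT_OTHER_API)]:
        ev = parse_event(text)
        print(f"{name:12} exclusion -> {verdict(ev, [NARROW_EXCLUSION])}")
        print(f"{name:12} rule off  -> {verdict(ev, disabled_rules={'6015'})}")
```

With the narrow exclusion only the Solidworks event is allowed; an unknown caller hitting OpenProcess in DLLHOST.EXE, or the same CAD module hitting another API, is still blocked. With rule 6015 disabled all three are allowed, which is why the post calls that the worst option.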

 
