San Francisco Bay Area Endpoint Management User Group


Make Sure That McAfee Virus Scan 8.7i is Up To Date!

Oct 27, 2011 04:57 PM

On a server that was having a lot of CPU activity and HDD activity, the McAfee Access Protection log was showing, every 20 seconds, that AexNSAgent.exe was attempting to terminate the McAfee engine. I researched the error and found some info related to the SMS agent doing the same thing. I figured that since the Altiris agent does the same function as the SMS agent, I needed to do the exclusion.

https://kc.mcafee.com/corporate/index?page=content&id=KB73080&actp=search&viewlocale=en_US&searchid=1319677643545            

https://kc.mcafee.com/corporate/index?page=content&id=KB71970&actp=LIST_RECENT

I followed the article instructions to a T and it did not work. Further investigation with my server admin found that McAfee 8.7i had no patch level. There was a Patch 5 along with a hotfix that was released about the same time as the instructions. So McAfee figured out that their product was broken and wrote a hotfix.

Installed patch p5 vse87ip5 along with Hotfix 1vse870hf638179 and no more log errors or being blocked.

The server seems faster looking at the logs also. Now to roll it out to all servers...

The error in the Windows application logs was the following:

Blocked by access protection rule.  Access to object C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe was blocked by rule Common Standard Protection:Prevent termination of McAfee processes.

The logs in the McAfee Access Protection log were the following:


10/26/2011    6:41:39 PM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\system32\services.exe    C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe    Common Standard Protection:Prevent termination of McAfee processes    Action blocked : Terminate
10/26/2011    6:41:40 PM    Blocked by Access Protection rule     NT AUTHORITY\SYSTEM    C:\Windows\system32\services.exe    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe    Common Standard Protection:Prevent termination of McAfee processes    Action blocked : Terminate
10/26/2011    6:42:31 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe    C:\Program Files\VMware\VMware Tools\VMwareTray.exe    Virtual Machine Protection:Prevent Termination of VMWare Processes    Action blocked : Terminate
10/26/2011    6:42:31 PM    Would be blocked by Access Protection rule  (rule is currently not enforced)     NT AUTHORITY\SYSTEM    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe    C:\Program Files\VMware\VMware Tools\VMwareUser.exe    Virtual Machine Protection:Prevent Termination of VMWare Processes    Action blocked : Terminate
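
An added example, not part of the original post: a small Python parser for Access Protection log rows in the layout shown above, grouping hits by source process and rule so that enforced blocks can be told apart from report-only ("Would be blocked") entries. The sample rows are constructed from that layout, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Fields are split by tabs or runs of 3+ spaces; the event text itself holds
# a 2-space gap ("rule  (rule is currently not enforced)") that must survive.
FIELD_SEP = re.compile(r"\s{3,}|\t+")

def parse_line(line):
    """Return one log row as a dict, or None if it is not a valid 8-field row."""
    parts = [p.strip() for p in FIELD_SEP.split(line.strip())]
    if len(parts) != 8:
        return None
    date, clock, event, user, source, target, rule, action = parts
    try:
        when = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None
    return {"when": when, "user": user, "source": source, "target": target,
            "rule": rule, "action": action,
            "enforced": "not enforced" not in event}  # report-only rows are False

def summarize(lines):
    """Group rows by (source process, rule): hit count, enforcement, targets."""
    out = defaultdict(lambda: {"count": 0, "enforced": True, "targets": set()})
    for rec in filter(None, map(parse_line, lines)):
        entry = out[(rec["source"].lower(), rec["rule"])]
        entry["count"] += 1
        entry["enforced"] = entry["enforced"] and rec["enforced"]
        entry["targets"].add(rec["target"].rsplit("\\", 1)[-1])
    return dict(out)

def row(*fields):
    return "    ".join(fields)  # same 4-space separation as the excerpt

# Constructed sample rows that follow the layout of the excerpt above.
SYS, SVC = r"NT AUTHORITY\SYSTEM", r"C:\Windows\system32\services.exe"
AGENT = r"C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe"
VSE, VMW = r"C:\Program Files (x86)\McAfee\VirusScan Enterprise", r"C:\Program Files\VMware\VMware Tools"
R_AV = "Common Standard Protection:Prevent termination of McAfee processes"
R_VM = "Virtual Machine Protection:Prevent Termination of VMWare Processes"
BLK, ACT = "Blocked by Access Protection rule", "Action blocked : Terminate"
WOULD = "Would be blocked by Access Protection rule  (rule is currently not enforced)"
SAMPLE = [
    row("10/26/2011", "6:41:39 PM", BLK, SYS, SVC, VSE + r"\VsTskMgr.exe", R_AV, ACT),
    row("10/26/2011", "6:41:40 PM", BLK, SYS, SVC, VSE + r"\x64\McShield.exe", R_AV, ACT),
    row("10/26/2011", "6:42:31 PM", WOULD, SYS, AGENT, VMW + r"\VMwareTray.exe", R_VM, ACT),
    row("10/26/2011", "6:42:31 PM", WOULD, SYS, AGENT, VMW + r"\VMwareUser.exe", R_VM, ACT),
]

if __name__ == "__main__":
    for (source, rule), info in summarize(SAMPLE).items():
        print(source, "|", rule, "|", info["count"], "| enforced:", info["enforced"])
```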
