cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 6
‎03-28-2022 05:20 AM

File Write Denied

Good morning.

We are trying to replace a file (C:\WINDOWS\PSEXESVC.exe) but we are getting file write denied.  I cannot skiplist \WINDOWS\ so is there a better way to allow that file to be replaced?  

We're just copying/pasting the new file onto the old one.  

Please advise of a possible better way.  Thank you.

0 Kudos
Reply
5 Replies
yaz
Employee
Employee
Report Inappropriate Content
Message 2 of 6
‎03-28-2022 08:44 AM

Re: File Write Denied

Hi @mlajoie 

Thank you for reaching out to McAfee Community.

From the provided details, we understand you are looking for possible skiplist option to exclude this event.

You can test locally for this file only. 

sadmin skiplist add -d <path component>

Details available in the product guide below. 

https://docs.mcafee.com/bundle/application-control-8.0.0-product-guide-unmanaged/page/GUID-25138B14-...

Was my reply helpful?

If yes, please give me a Kudo. If I have answered your query, kindly mark this as solution so that we help other community members together. 

0 Kudos
Reply
mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 6
‎03-28-2022 08:47 AM

Re: File Write Denied

i thought -d was relative path and folder only -- not a specific file.  Am I mistaken?  The product guide doesn't provide an example.

0 Kudos
Reply
Pravas
Employee
Employee
Report Inappropriate Content
Message 4 of 6
‎03-29-2022 12:37 AM

Re: File Write Denied

Hi @mlajoie ,

You're correct, it uses a relative Path. If you were to add a skiplist for File Write Denied, it will be as follows.

skiplist add -d \Windows

Since the target path is Crucial to windows, its Not a good idea to use Skiplist.

The reason PSEXESVC.exe can't be replaced because its probably Solidified and is protected by SolidCore.

Incase the file is being replaced using Copy & Paste, then the source process is Explorer.exe. As its a generic process it can't be excluded or used as an Updater as well.

Here's something you can try:

1. Change SolidCore to Update Mode

2. Replace the file

3. Switch back to Enable mode

Hope it helps.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Reply
mlajoie
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6
‎03-29-2022 05:01 AM

Re: File Write Denied

Yeah -- all of that makes sense and is inline with my thinking as well so that's good.

i did, though, just have a thought.  what about if we unsolidified the file first?  would that work?  if so, what would that look like?

Also, if that would work, what would happen with the new version of the file?  Would we need to resolidifiy it or would a rule that has the hash in it allow it to work?

0 Kudos
Reply
Pravas
Employee
Employee
Report Inappropriate Content
Message 6 of 6
‎03-29-2022 11:21 PM

Re: File Write Denied

Hi @mlajoie ,

Yes, you may choose to un-solidify the file. Then replace it with the desired version.

Then PSEXECSVC.exe can be Solidified.

Or

You can allow the binary using SHA1 or SHA256 in Executable Files.

Hope it helps

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC