Registry and policy values for Endpoint Security Adaptive Threat Protection are mismatched

Technical Articles ID: KB95871
Last Modified: 2022-07-25 05:07:49 Etc/GMT

Environment

Endpoint Security (ENS) Adaptive Threat Protection (ATP) 10.x

Problem

After the installation of ENS ATP, the local client shows the correct settings as set in the policy. But, the registry values don't match.

Example:

GUI:
Might Be Malicious = 30
Most Likely Malicious = 15
Known Malicious = 1

Values in the registry:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\ATP
ContainLevel 50 = Unkown
BlockLevel 30 = Might be Malicious
CleanLevel 1 = Known Malicious

Solution

If you experience this issue, create a Service Request and include this article number in the Problem Description field. You will be prompted to log on to the ServicePortal.

IMPORTANT: The following files are required for Technical Support:

Minimum Escalation Requirements (MER) files for your specific product. For information about downloading the MERs for each product, see KB59385 - How to use MER tools with supported products.
Other files and logs, as requested by Technical Support.

Workaround

To have the correct values assigned, make an arbitrary change to each of these settings (contain, block, and clean levels) and enforce the change on the client. Then, revert to the original settings.

Go to the Policy Catalog.
Click Endpoint Security Adaptive Threat Protection.
Select the Options policy category.
Click Edit for the policy you need to modify.
Go to the section Action Enforcement.
Change the option for Trigger Dynamic Application Containment when reputation threshold reaches to a higher reputation threshold. For example, if the current setting is Might be Malicious, set it to Unknown.
Change the option for Block when reputation threshold reaches to a higher reputation threshold. For example, if the current setting is Most Likely Malicious, set it to Might be Malicious.
Change the option for Clean when reputation threshold reaches to a higher reputation threshold. For example, if the current setting is Known Malicious, set it to Most Likely Malicious.
Click Save and enforce the policy on the client.
Revert the three policy changes in steps 6–8 to the original settings, save, and re-enforce the policy on the client.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Registry and policy values for Endpoint Security Adaptive Threat Protection are mismatched

Environment

Problem

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

Registry and policy values for Endpoint Security Adaptive Threat Protection are mismatched

Environment

Problem

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title