Remove
MsMpEng.exe from the config
SkipMsftList (validate the name), and add the same binary to
Process passthru. After it's removed from
SkipMsftList, ACC doesn't try to go into the path where the Null pointer dereferences happen.
To perform the steps locally:
- Open a Command Line with Administrator rights.
Start > Run > Cmd as admin
- Recover Solidcore CMD.
Sadmin recover
- Remove MsMpEng.exe from the Solidcore config SkipMsftList.
Sadmin config set SkipMsftList=""
- Add MSMPENG to process passthru:
Sadmin attr add -p MsMpEng.exe
To perform the steps through ePO:
- Create a Client Task (Run Commands) using the following commands (sadmin isn't needed as part of these commands):
config set SkipMsftList=""
- Add MsMpEng.exe to a Solidcore rule group under exclusions:
- Click Menu, Solidcore Rules.
- Create a rule group or add to the existing rule group.
- Click Exclusions Tab.
- Click Add, Advanced Options.
- Select Exclude from Write protection and allow Script Execution.
- Add MsMpEng.exe.
- Save the rule group and add to your assigned policy.
