McAfee Endpoint security question

I have a Question about my McAfee endpoint setup

I have the Action Enforcement setup like this:Trigger Dynamic Application Containment set to Might Be Malicious Block when reputation threshold reaches most likely Malicious and clean to known Malicious.

When I move the Action Enforcement rules a certain way with Threat Detection User Messaging turned on it stops express vpn from connecting to the internet and I get a ton of alerts from McAfee advising that .exe's that express vpn uses are unknown and asking whether to allow or bock them. but when Threat Detection User Messaging off with the default security rules everything works fine.

currently I have enabled Threat Detection User Messaging set to most likely Malicious with block as the default action and the Rule Assignment is set to security and everything seems to be alright.

I also use voodoo shield along side McAfee endpoint

Should I change anything or leave it as is?

 

what about 24/7 helpdesk for an enterprise product?
https://www.mcafee.com/enterprise/en-us/products/endpoint-security.html
or is mcafee support that bad you need to ask here? just want to know.

 

I'm sure their support is good but mine is unmanaged and I can't use their support services because I got it from other sources