McAfee issues with EV10?
Created: 26 Feb 2013 • Updated: 30 Apr 2013 | 6 comments
This issue has been solved. See solution.
My customer send me these logs coming from McAfee, he claims EV is trying to terminate the McAfee processes.
Anyone ever encountered an issue like that?
I thought of including the whole enterprise vault folder from AV scanning, but I want to check first if anyone had this issue before.
Response Name: Threat Severity All
Event Type Name: Threat
Event Description: Access Protection rule violation detected and blocked
Number of events: 1
Product: VirusScan Enterprise 8.8
DAT: , Eng.:
Host Name: _
Process Name: C:\Program Files (x86)\Enterprise Vault\StorageServer.exe
IPV4 addresses: IP Add
File Name: C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
Host: ServerName, IP Add, Domain\adminev
Name: Common Standard Protection:Prevent termination of McAfee processes
Event ID: 1092
Action Taken: deny terminate
Category: 'File' class or access
Type: access protection
Event Time: Detected: 02/25/13 17:09:05 UTC, Received: 02/25/13 17:11:39 UTC