VirusScan Enterprise 8.x queries in ePolicy Orchestrator show false positives on the network as malware
技術的な記事 ID:
KB53317
最終更新: 5/21/2020
最終更新: 5/21/2020
VirusScan Enterprise 8.x queries in ePolicy Orchestrator show false positives on the network as malware
技術的な記事 ID:
KB53317
最終更新: 5/21/2020 環境McAfee VirusScan Enterprise (VSE) 8.8 問題
ePolicy Orchestrator (ePO) reports many false positives for files in McAfee related directories for network clients. ePO reports show multiple Malware (Type Virus) entries similar to the following:
Files on which the scanner times out are reported as Virus and ePO reports them as: 問題On the client, the VSE Framework\McScript_InUse.exe C:\Program Files\Common Files\McAfee\Engine\avvnames.dat Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Program Files\Common Files\McAfee\Engine\avvclean.dat On the client, the Windows Application Event log frequently reports messaging similar to the following: Type: INFORMATIONSource: Event: 257 User: SYSTEM Description: The scan of Type: INFORMATION Source: Event: 257 User: SYSTEM Description: The scan of 原因
The malware detections are actually scan time-outs.
解決策This behavior is expected because this event category is assigned for instances where there is a scan time-out. These events are uploaded and reported to the ePO server. Make sure that you periodically review these events.
To submit a new product idea, go to: https://community.mcafee.com/t5/Enterprise-Product-Ideas/idb-p/business-ideas.
The Ideas forum is accessible only to McAfee business and enterprise customers. Click Sign In and enter your McAfee ServicePortal (https://support.mcafee.com) User ID and password. If you do not yet have a McAfee ServicePortal or McAfee Community account, click Register to register for a new account on either website. For more information about product ideas, see KB60021 - How to submit a Product Idea. NOTE: The Ideas forum replaces the previous Product Enhancement Request system. 回避策You can filter the scan time-out events that are tagged as malware from the report at the ePO console. This action allows the generated reports to display only virus detections.
IMPORTANT: McAfee recommends that you do not add exclusions at the workstations to avoid the scan time-outs being reported.
To stop all time-outs from being included:
For a complete list of Event IDs for VSE, see KB52417.
言語:技術用語集 |
|