Knowledge Center

Application Event log has multiple alert notifications for Event ID 257 or 258 (VirusScan Enterprise 8.7i and later)
Technical Articles ID:   KB60475
Last Modified:  11/2/2016


McAfee VirusScan Enterprise 8.x


Application Event log is full of alert notifications caused by Access Protection Rule triggers.

Multiple Event ID 257 or 258 entries.

System Change

Deployed VirusScan Enterprise with Access Protection rules enabled that are being commonly triggered in the environment.


The local machine is generating Alerts from Access Protection rules when running VSE 8.7i or later.


Make Access Protection rules more specific.


Instead of a broad encompassing rule:

Prevent remote creation/modification/deletion of anything in the Windows folder and subfolders

Where Process=System:Remote, Pattern=%windir%\**\*, Prevent=Write, Create, Delete

Use a more specific rule:

Prevent remote creation/modification/deletion of any DLL files in the Windows folder and subfolders

Where Process=System:Remote, Pattern=%windir%\**\*.DLL, Prevent=Write, Create, Delete


Configure the clients to filter their alerting. All Access Protection Rules triggers are considered medium severity (Level 2 between 0-lowest and 4-highest). Apply the minimum configuration to suppress Access Protection Alerts in the application event log:

Filter the alerting to level Suppress Information, warnings & low (severity <3)
  1. Click Start, Programs, McAfee, VirusScan Console.
  2. Click Tools, Alerts.
  3. Under Additional Alerting Options select the desired severity filter and click OK.
  4. Exit VirusScan Console.


Disable Behavior Blocking Rules.
If a specific rule is causing too many alerts, consider disabling it until a better rule can be devised or create an exception for the process triggering the rule.
To identify which rule is being triggered refer to the access protection logs:
  • C:\Documents and Settings\All Users\Application Data\McAfee\Desktop Protection\AccessProtectionLog.txt
  • C:\Program Data\McAfee\Desktop Protection\AccessProtectionLog.txt

Rate this document

Affected Products

VirusScan Enterprise 8.8


This article is available in the following languages:

English United States

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.