Application Event log has multiple alert notifications for Event ID 257 or 258
Technical Articles ID: KB60475
Last Modified: 6/24/2020

Environment
McAfee VirusScan Enterprise (VSE) 8.x

Problem
The Application Event log is full of alert notifications caused by Access Protection Rule triggers.
You see multiple Event ID 257 or 258 entries.

System Change
You deployed VirusScan Enterprise with Access Protection rules enabled that are being commonly triggered in the environment.

Cause
The local system is generating alerts from Access Protection rules when VSE runs.

Solution
Make Access Protection rules more specific.
Example: Prevent remote creation, modification, or deletion of anything in the Windows folder and subfolders
Use a more specific rule: Prevent remote creation, modification, or deletion of any DLL files in the Windows folder and subfolders

Solution
Configure the clients to filter their alerting. All Access Protection rule triggers are considered medium severity. (Medium severity is Level 2 between 0-lowest and 4-highest.) Apply the minimum configuration to suppress Access Protection alerts in the Application Event log:
Filter the alerting to level Suppress Information, warnings & low (severity <3)

Solution
Disable Behavior Blocking Rules.
If a specific rule causes too many alerts, consider disabling it until a better rule can be devised. Or, create an exception for the process that triggers the rule.
To identify which rule is being triggered, see the access protection logs:
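
Before narrowing or disabling a rule, it helps to see which Event ID 257/258 messages dominate the Application Event log. The following PowerShell is an added example, not McAfee's own tooling; the look-back window and group count are constructed defaults, and no event-source filter is applied because the page does not name one.

```powershell
# Added example: summarize Event ID 257/258 entries in the Application log.
# Assumption: no provider filter is used, since the page does not name the
# event source; the Source column shows which provider logged each group.
param(
    [int]$Days = 7,   # look-back window in days (constructed default)
    [int]$Top  = 20   # number of most frequent messages to show
)

$filter = @{
    LogName   = 'Application'
    Id        = 257, 258
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output "No Event ID 257/258 entries in the last $Days day(s)."
    return
}

# Collapse whitespace so identical alerts group together, then rank by count.
$events |
    Select-Object ProviderName, Id,
        @{ Name = 'Text'; Expression = { ($_.Message -replace '\s+', ' ').Trim() } } |
    Group-Object ProviderName, Id, Text |
    Sort-Object Count -Descending |
    Select-Object -First $Top Count,
        @{ Name = 'Source';  Expression = { $_.Group[0].ProviderName } },
        @{ Name = 'EventId'; Expression = { $_.Group[0].Id } },
        @{ Name = 'Message'; Expression = { $_.Group[0].Text } } |
    Format-Table -AutoSize -Wrap
```

The most frequent messages point to the rules worth making more specific or the processes worth excluding, as described in the solutions above.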