Common Standard Protection rule "Prevent Termination of McAfee Processes" is triggered on Windows 2012 Servers
技术文章 ID:
KB84015
上次修改时间: 6/17/2020
上次修改时间: 6/17/2020
Common Standard Protection rule "Prevent Termination of McAfee Processes" is triggered on Windows 2012 Servers
技术文章 ID:
KB84015
上次修改时间: 6/17/2020 环境McAfee VirusScan Enterprise (VSE) 8.8 Patch 3 and later
Microsoft Windows 2012 servers 问题The access protection rule Prevent Termination of McAfee Processes is triggered during the log on, log off, shut down, and locking processes.
The following is an example of what is logged in the Access Protection log: 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate 2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
原因A service running within
The Some third-party applications enumerate processes with the privilege to close processes. This fact can cause the rule to be triggered many times per minute, depending on the application. 解决方案This behavior is expected, and VSE is working as designed.
The rule is triggered because it is a self-protection rule. It acts as a security measure to avoid any third-party applications or malware from disabling VSE protection. Contact Microsoft if further root cause or information is needed. 受影响的产品技术术语词汇表 |
|