Common Standard Protection rule "Prevent Termination of McAfee Processes" is triggered on Windows 2012 Servers

技术文章 ID: KB84015
上次修改时间: 6/17/2020

环境

McAfee VirusScan Enterprise (VSE) 8.8 Patch 3 and later

Microsoft Windows 2012 servers

问题

The access protection rule Prevent Termination of McAfee Processes is triggered during the log on, log off, shut down, and locking processes.

The following is an example of what is logged in the Access Protection log:

2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:52 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VSCore\x64\mfehidin.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Windows\system32\mfevtps.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
2/20/2015 12:52:53 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate

原因

A service running within SvcHost.exe or a third-party process accesses and enumerates the running processes with a permission set that allows it to close processes. But, it might not actually be trying to close processes.

The Svchost.exe process is on your computer and hosts, or contains, other individual services that Windows uses to perform several functions. For example, Windows Defender uses a service that a svchost.exe process hosts. There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

Some third-party applications enumerate processes with the privilege to close processes. This fact can cause the rule to be triggered many times per minute, depending on the application.

解决方案

This behavior is expected, and VSE is working as designed.

The rule is triggered because it is a self-protection rule. It acts as a security measure to avoid any third-party applications or malware from disabling VSE protection.

Contact Microsoft if further root cause or information is needed.

受影响的产品

VirusScan Enterprise 8.8

语言:

此文章有以下语言版本：

German
English United States
Spanish Spain
French
Italian
Japanese
Korean
Dutch
Portuguese Brasileiro
Chinese Simplified
Chinese Traditional

技术术语词汇表

突出显示词汇表术语

请花点时间浏览一下我们的技术术语词汇表。

Common Standard Protection rule "Prevent Termination of McAfee Processes" is triggered on Windows 2012 Servers

环境

问题

原因

解决方案

受影响的产品

语言:

技术术语词汇表

Title

Title

特色解决方案

了解我们的产品组合

安全结果

行业

产品

特色解决方案

了解我们的产品组合

MVISION 产品

服务和培训

威胁研究

我们的研究机构

威胁形势信息显示板

工具

联系我们

相关资源

下载

产品帮助

联系我们

了解

我们的公司

我们付出的努力

其他资源

工作机会

合作关系

Common Standard Protection rule "Prevent Termination of McAfee Processes" is triggered on Windows 2012 Servers

环境

问题

原因

解决方案

受影响的产品

语言:

技术术语词汇表

选择您的区域

Title

Title