Non-configurable VirusScan Enterprise Access Protection rule "G_BehavioralScan:BS01" is triggered on systems when the HOSTS file is accessed

Technical Articles ID: KB87857
Last Modified: 6/13/2017
Rated:

Environment

McAfee VirusScan Enterprise (VSE) 8.8 Patch 8

For details of VSE supported environments, see KB51111.

Problem

The VSE AccessProtectionLog.txt contains lines similar to the following:

<date> Would be blocked by Access Protection rule (rule is currently not enforced) <User> C:\PROGRAM FILES (X86)\NOTEPAD++\NOTEPAD++.EXE C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS G_BehavioralScan:BS01 Action blocked : Write

System Change

Installed VSE 8.8 Patch 8.

Cause

Access Protection is notifying the user that a process, "NOTEPAD++.EXE" in the above example, has been trying to modify/access the HOSTS file. The rule is not enforced by Access Protection, and access to the requested resource by the requesting process is granted. Some processes, such as VPN clients, may have a need to frequently modify or open/close the HOSTS file during their normal operation so the rule may be triggered more or less frequently. Also, an event is created on the client that is uploaded to the ePolicy Orchestrator (ePO) server to notify the ePO administrator that the rule has been triggered (ePO Event ID: 1095). The rule cannot be configured/changed through ePO policy or the VSE GUI.

Solution

VSE 8.8 Patch 8 erroneously reports on this rule. In VSE 8.8 Patch 9, the behavior is changed so the rule is in non-reporting mode, and it will not be available for management through ePO policy or the VSE GUI.

{VSE88P9.EN_US}

Related Information

Common search terms to find this article: G_BehavioralScan, BS01

Disclaimer

The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Affected Products

Known Issue/Product Defect
VirusScan Enterprise 8.8

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Data Protection and Encryption

Database Security

Endpoint Protection

Network Security

Security Analytics

Security Management

Server Security

SIEM

Web Security

Data Center and Cloud Defense

Dynamic Endpoint Threat Defense

Pervasive Data Protection

Intelligent Security Operations

Embedded Security

Data Exchange Layer

Security Consulting

Product Consulting

Education Services

McAfee Labs

Advanced Threat Research

Threat Landscape Dashboard

Security Awareness

McAfee Labs Data Submission

Premier Success Plan

Security Updates

Product Downloads

Free Trials

Free Tools

Community Expert Center

Knowledge Center

Patch Downloads

Support Tools

Service Requests

Resellers

Managed Service Providers

Security Innovation Alliance

Global Strategic Alliances

OEM & Embedded Alliances

Find a Reseller or Distributor