Loading...

Knowledge Center

Non-configurable VirusScan Enterprise Access Protection rule "G_BehavioralScan:BS01" is triggered on systems when the HOSTS file is accessed
Technical Articles ID:   KB87857
Last Modified:  6/13/2017
Rated:

Environment

McAfee VirusScan Enterprise (VSE) 8.8 Patch 8

For details of VSE supported environments, see KB51111.

Problem

The VSE AccessProtectionLog.txt contains lines similar to the following:
 
<date>    Would be blocked by Access Protection rule  (rule is currently not enforced)     <User>    C:\PROGRAM FILES (X86)\NOTEPAD++\NOTEPAD++.EXE    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS    G_BehavioralScan:BS01    Action blocked : Write

System Change

Installed VSE 8.8 Patch 8.

Cause

Access Protection is notifying the user that a process, "NOTEPAD++.EXE" in the above example, has been trying to modify/access the HOSTS file. The rule is not enforced by Access Protection, and access to the requested resource by the requesting process is granted. Some processes, such as VPN clients, may have a need to frequently modify or open/close the HOSTS file during their normal operation so the rule may be triggered more or less frequently. Also, an event is created on the client that is uploaded to the ePolicy Orchestrator (ePO) server to notify the ePO administrator that the rule has been triggered (ePO Event ID: 1095). The rule cannot be configured/changed through ePO policy or the VSE GUI.

Solution

VSE 8.8 Patch 8 erroneously reports on this rule. In VSE 8.8 Patch 9, the behavior is changed so the rule is in non-reporting mode, and it will not be available for management through ePO policy or the VSE GUI.

This issue is resolved in VirusScan Enterprise 8.8.0 Update 9, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Related Information

Common search terms to find this article: G_BehavioralScan, BS01

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.