Loading...

Knowledge Center


Threat events raised by Endpoint Security and reported to ePolicy Orchestrator contain an incorrect build number for "Detecting Product Version"
Technical Articles ID:   KB89380
Last Modified:  7/3/2017

Environment

McAfee Endpoint Security (ENS) Threat Prevention 10.5.x, 10.2.x

Problem

An incorrect product build number is reported during the "Detecting Product Version" operation associated with an ePolicy Orchestrator (ePO) event. This issue may affect Access Protection/Self Protection events, events triggered by ENS Exploit Prevention, or events raised by the Threat Prevention module.

Example of event information for ENS 10.5.1 in the ePO Threat Event Log:
 
Server ID: <machinename>
Event Received Time: <time stamp>
Event Generated Time: <time stamp>
Agent GUID: <AgentGUID>
Detecting Prod ID (deprecated): ENDP_GS_1050
Detecting Product Name:
Endpoint Security Platform
Detecting Product Version: 10.5.0
Detecting Product Host Name: <hostname>
Detecting Product IPv4 Address:<IP address>
Detecting Product IP Address: <IP address>
Detecting Product MAC Address:<MAC address>
DAT Version:
Engine Version:
Threat Source Host Name:
Threat Source IPv4 Address: <IP address>
Threat Source IP Address: <IP address>
Threat Source MAC Address:
Threat Source User Name:
Threat Source Process Name: <DLL being injected>
Threat Source URL:
Threat Target Host Name: <hostname>
Threat Target IPv4 Address: <IP address>
Threat Target IP Address: <IP address>
Threat Target MAC Address:
Threat Target User Name:
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:
Event Category: Malware detected
Event ID: 34865
Threat Severity: Critical
Threat Name: Self Protection - protect McAfee processes
Threat Type: Self Protection
Action Taken: Blocked
Threat Handled:
Analyzer Detection Method: Events received from managed systems
Event Description: DLL Injection Event

Solution

This issue is resolved in Endpoint Security 10.5.3, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Solution

This issue is resolved in Endpoint Security 10.2.2, which is available from the Product Downloads site at: http://mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Updates are cumulative; Technical Support recommends that you install the latest one.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.