CSA 5.2 Log - Antivirus

Unanswered Question
Oct 2nd, 2007
User Badges:

Im seeing this event in my CSAMC. Can someone tell me what it is doing and should an exception be created for this?



The 'Alert Manager Event Interface' service logged event code 257 into the application event log: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from COMPUTERNAME IP x.x.x.x user SYSTEM running VirusScan Enter 8.0 OAS)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kerraj2004 Tue, 10/02/2007 - 10:22
User Badges:

Hey Tom, thanks for the prompt reply. Is CSA blocking this activity causing this alert from what you can tell?


Thanks,

Adam

tsteger1 Tue, 10/02/2007 - 11:54
User Badges:
  • Red, 2250 points or more

Hi Adam, I'm not sure without actually seeing the machine.


It sounds like CSA is just logging the event, not causing it.


I'd look at the Alert Manager settings on the machine(s) to see if they are configured correctly.


Is this just one machine or all?


Tom


kerraj2004 Wed, 10/03/2007 - 04:30
User Badges:

Hey Tom, in doing some additional research turned out that our McAfee agent lost communication with the ePO server. That message that I was seeing was probably a notification of just that, cant establish comms with the server.


Thanks again,

Adam

Actions

This Discussion