CSA 5.2 Log - Antivirus

kerraj2004 · ‎10-02-2007

Im seeing this event in my CSAMC. Can someone tell me what it is doing and should an exception be created for this?

The 'Alert Manager Event Interface' service logged event code 257 into the application event log: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from COMPUTERNAME IP x.x.x.x user SYSTEM running VirusScan Enter 8.0 OAS)

tsteger1 · ‎10-02-2007

I'd look at the event log on the machine in question first. It sounds like Alert manager is failing.

Take a look at this:

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=NAI10789&sliceId=SAL_Public&dialogID=13630538&stateId=1%200%2013628767

Tom

kerraj2004 · ‎10-02-2007

Hey Tom, thanks for the prompt reply. Is CSA blocking this activity causing this alert from what you can tell?

Thanks,

Adam

tsteger1 · ‎10-02-2007

Hi Adam, I'm not sure without actually seeing the machine.

It sounds like CSA is just logging the event, not causing it.

I'd look at the Alert Manager settings on the machine(s) to see if they are configured correctly.

Is this just one machine or all?

Tom

kerraj2004 · ‎10-03-2007

Hey Tom, in doing some additional research turned out that our McAfee agent lost communication with the ePO server. That message that I was seeing was probably a notification of just that, cant establish comms with the server.

Thanks again,

Adam