Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSA 5.2 Log - Antivirus

Im seeing this event in my CSAMC. Can someone tell me what it is doing and should an exception be created for this?

The 'Alert Manager Event Interface' service logged event code 257 into the application event log: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from COMPUTERNAME IP x.x.x.x user SYSTEM running VirusScan Enter 8.0 OAS)

4 REPLIES
Blue

Re: CSA 5.2 Log - Antivirus

I'd look at the event log on the machine in question first. It sounds like Alert manager is failing.

Take a look at this:

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=NAI10789&sliceId=SAL_Public&dialogID=13630538&stateId=1%200%2013628767

Tom

New Member

Re: CSA 5.2 Log - Antivirus

Hey Tom, thanks for the prompt reply. Is CSA blocking this activity causing this alert from what you can tell?

Thanks,

Adam

Blue

Re: CSA 5.2 Log - Antivirus

Hi Adam, I'm not sure without actually seeing the machine.

It sounds like CSA is just logging the event, not causing it.

I'd look at the Alert Manager settings on the machine(s) to see if they are configured correctly.

Is this just one machine or all?

Tom

New Member

Re: CSA 5.2 Log - Antivirus

Hey Tom, in doing some additional research turned out that our McAfee agent lost communication with the ePO server. That message that I was seeing was probably a notification of just that, cant establish comms with the server.

Thanks again,

Adam

112
Views
0
Helpful
4
Replies