Can you let us know as why these threat target file path of McAfee events itself are showing up as threat and FILE_DELETED_UPDATE
Server ID: SV510057Event Received Time: 6/9/19 6:27:27 AM BSTEvent Generated Time: 6/9/19 6:03:45 AM BSTPreferred Event Time: 6/9/19 6:03:45 AM BSTAgent GUID: DC8996EC-918B-11E8-2124-B4B6769E2D39Detecting Prod ID (deprecated): SOLIDCORE_METADetecting Product Name: SolidifierDetecting Product Version: 126.96.36.199Detecting Product Host Name: TB600xxDAT Version:Engine Version:Threat Source Host Name:Threat Source MAC Address:Threat Source User Name:Threat Source Process Name:Threat Source URL:Threat Target MAC Address: 00059a3c7a00Threat Target User Name: NT AUTHORITY\SYSTEMThreat Target Port Number:Threat Target Network Protocol:Threat Target Process Name: C:\program files\common files\mcafee\systemcore\mcshield.exeThreat Target File Path: C:\Program Files\Common Files\McAfee\SystemCore\temp_vscan.bofEvent Category: File MonitoringEvent ID: 20775Threat Severity: InformationThreat Name: FILE_DELETED_UPDATEThreat Type: NoneAction Taken: NoneThreat Handled:Analyzer Detection Method:Events received from managed systemsEvent Description: File Deleted
We are going to need more information then just the event... Do you see the same event under Solidcore events?
McAfee SupportBenjamin EllisWas my reply helpful?If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC