townendk
Level 7

VSE OAS detecting DLP related files

Hi All, I am currently migrating agents from an ePO 4.5 with HDLP 9 and VSE 8.8 to an ePO 4.6 with HDLP 9.2 and VSE 8.8.

Something I've noticed since migrating is a handful of OAS detections on a handful of agents, all pointing to files within a path similar to the following:

C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-3050\TeFilesOutput\1\EMB1658.tmp

Exploit-FCN!CVE2013-0422

Trojan

C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-6032\TeFilesOutput\2\EMBD1F5.tmp

Malware (av.pup)

PWCrack-Oracle

etc.

Does anybody have any ideas on what's causing this? It's causing an unusually high count of detections, but they've all got Malware types associated with them and automatic resolutions.

0 Kudos
1 Reply
ssadlocha
Level 10

Re: VSE OAS detecting DLP related files

It looks like this question has been out there for a while. My company recently implemented McAfee, and we are seeing this type of activity as well. It looks as if the threats are all in the C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp folder structure. We are seeing several different threats indicated, some that I wouldn't expect to see in this location (Java Exploit CVE-2012-1723 is one). Does anyone have any information on this?

0 Kudos