cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cheetah
Level 10
Report Inappropriate Content
Message 1 of 3

Database connection or the file to be executed is blocked.

Hi all.

I think i´ve got a problem with the OnAccessScanner.

 

Before I upgraded to ENS 10.7, we were able to start a program on a network drive without any problems.

Well, after upgrading to ENS 10.7, the program can no longer be started
Only one error is displayed when executing the file.
Unfortunately not much is logged in the log files.

 

If I DEACTIVATE the OnAccessScan I can start the program again.

 

 

The only entry I found is:

OnAccessScan_Debug.log:

2020-07-08 09:11:55.724Z|Debug |oasbl |mfetp | 3256| 3540|OAS |oasbl.cpp(2492) | Datei konnte aufgrund eines nicht spezifizierten Fehlers nicht gelesen/geschrieben werden Name\User C:\gekos\bau\local\gekosprg\cache\GekoSDotNetInterop\assembly\dl3\28697266\9b4ebead_0455d601
2020-07-08 09:11:55.727Z|Debug |oasbl |mfetp | 3256| 3540|OAS |oasbl.cpp(2492) | Datei konnte aufgrund eines nicht spezifizierten Fehlers nicht gelesen/geschrieben werden Name\User C:\gekos\bau\local\gekosprg\cache\GekoSDotNetInterop\assembly\temp\ZV79SE3R3X

 

ExploitPrevention_Debug.log:

 

2020-07-09 07:00:37.806Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 NotifyProcessStart: pid 0x1818, parent pid 0x1230

2020-07-09 07:00:37.807Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 Process 0x1818 is not currently registered

2020-07-09 07:00:37.856Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Verb : 0x4,18b4 File description is not available for \DEVICE\MUP\;LANMANREDIRECTOR\;G:00000000000982AD\RATHAUS-08\GEKOS_FILESRV\NOVA\NOVARUN.EXE

2020-07-09 07:00:37.857Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 Executable flags 0x100100 \DEVICE\MUP\;LANMANREDIRECTOR\;G:00000000000982AD\RATHAUS-08\GEKOS_FILESRV\NOVA\NOVARUN.EXE

2020-07-09 07:00:37.858Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 Inserted new process entry: 0x1818

2020-07-09 07:00:37.859Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 G:\NOVA\NOVARUN.EXE, Eid matches:

2020-07-09 07:00:37.860Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 0 -<ThirdParty> -path G:\NOVA\NOVARUN.EXE -hash 669111a15fae307d81338d7e5c4d74b6 -desc * -sdn *

2020-07-09 07:00:37.860Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 Eid 484

2020-07-09 07:00:37.861Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,18b4 Eid 519

2020-07-09 07:00:38.007Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,1880 ProcessIsStarted: pid 0x1818, flagx 0x7, parent pid 0x1230

2020-07-09 07:00:38.007Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,1880 ProcessIsStarted: G:\NOVA\NOVARUN.EXE

2020-07-09 07:00:38.162Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,be0 NotifyProcessStart: pid 0x374, parent pid 0x208

2020-07-09 07:00:38.163Z|Debug |TmpLogger |mfetp | 3320| 3896|Gbop |Gbop.cpp(3729) | [k] Debug: 0x4,be0 Process 0x374 is not currently registered

 

Maybe someone here has a valuable tip for me why the program can no longer be started.

 

2 Replies
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Database connection or the file to be executed is blocked.

Hi @cheetah Based on the details here, I would suggest contacting McAfee Support (if applicable) to further review the issue.  Please provide the data (debug MER, AMtrace, and Procmon to start) from the KB below.

KB86691 - Minimum data collection steps for Endpoint Security issues
https://kb.mcafee.com/agent/index?page=content&id=KB86691

cheetah
Level 10
Report Inappropriate Content
Message 3 of 3

Re: Database connection or the file to be executed is blocked.

okay thank you very much.
Maybe the onaccessscan isn't.
We are currently investigating another program (Seculution) whether this is perhaps still a little block.
If it is not, we will open a ticket.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community