ENS Adaptive Threat Protection

Need to block below as it shows clean

 

07/03/2018 23:24:01   mfeatp(12940.15208) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
07/03/2018 23:24:34   mfeatp(12940.204) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
07/03/2018 23:24:34   mfeatp(12940.204) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 07:05:11   mfeatp(12940.13604) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 07:10:52   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 6508 , file path C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR
08/03/2018 07:10:58   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 5528 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 07:10:58   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7588 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 07:11:48   mfeatp(12940.14016) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 6508 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 9
08/03/2018 07:15:32   mfeatp(12940.2808) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 07:15:32   mfeatp(12940.2808) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 07:15:40   mfeatp(12940.13604) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 0 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 7
08/03/2018 07:15:42   mfeatp(12940.7228) <SYSTEM> Orchestrator.Action.Activity: Real Protect cloud found detection, detection name: Real Protect-SS!E953DAE987F0 in source process id: 0 , source path: c:\users\xxx\appdata\local\temp , source name: documento.scr , source hash: E953DAE987F0AFD5E66066E5A6792EA6 , reputation: 1  [Known Malicious] , source user:  , target user:  , action taken: Clean , content version: 1.0 , engine version: 10.4264
08/03/2018 15:40:19   mfeatp(12940.13432) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 15:40:44   mfeatp(12940.14820) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 14320 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 15:41:04   mfeatp(12940.1640) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
08/03/2018 15:41:04   mfeatp(12940.1640) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: CYANKA.EXE , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 15:41:45   mfeatp(12940.12912) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 14320 , file c:\users\xxx\appdata\roaming\microsoft\windows\start menu\programs\startup\cyanka.exe with reason id 7
08/03/2018 15:41:46   mfeatp(12940.9356) <SYSTEM> Orchestrator.Action.Activity: Real Protect cloud found detection, detection name: Real Protect-SS!E953DAE987F0 in source process id: 14320 , source path: c:\users\xxx\appdata\roaming\microsoft\windows\start menu\programs\startup , source name: cyanka.exe , source hash: E953DAE987F0AFD5E66066E5A6792EA6 , reputation: 1  [Known Malicious] , source user:  , target user:  , action taken: Clean , content version: 1.0 , engine version: 10.4264
08/03/2018 17:04:59   mfeatp(12940.7052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 17:04:59   mfeatp(12940.7052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 17:14:55   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7268 , file path C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR
08/03/2018 17:14:57   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7972 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 17:14:58   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 9220 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 17:15:49   mfeatp(12940.13564) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 7268 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 9
08/03/2018 17:25:07   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Starting service...
08/03/2018 17:25:07   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading Reputation-Unified component...
08/03/2018 17:25:15   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATP component...
08/03/2018 17:25:22   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATPMA component...
08/03/2018 17:25:23   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading RepairModule component...
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> atpbl.ATP.Activity: ATP version 10.5.3.3113
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Starting scan orchestrator
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Adaptive Threat Protection is Enabled
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring AMCore update monitor
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring reputation scanner
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.JCM.Activity: System is not using proxy
08/03/2018 17:25:42   mfeatp(7408.3288) <SYSTEM> Orchestrator.JCM.Activity: Connectivity status is McAfee GTI Connectivity Only
08/03/2018 17:25:42   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring JTI scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring exclusions scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring real protect scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 17:27:11   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Starting service...
08/03/2018 17:27:11   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading Reputation-Unified component...
08/03/2018 17:27:17   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATP component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATPMA component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading RepairModule component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> atpbl.ATP.Activity: ATP version 10.5.3.3113
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting scan orchestrator
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Adaptive Threat Protection is Enabled
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring AMCore update monitor
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring reputation scanner
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.JCM.Activity: System is not using proxy
08/03/2018 17:27:21   mfeatp(7832.9236) <SYSTEM> Orchestrator.JCM.Activity: Connectivity status is McAfee GTI Connectivity Only
08/03/2018 17:27:21   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring JTI scanner
08/03/2018 17:27:22   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring exclusions scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring real protect scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring DAC scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting scan event handler
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting reputation change listener
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting config change listener
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring AAC policy
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Started scan orchestrator
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Service started successfully
08/03/2018 18:00:44   mfeatp(7832.6444) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 18:01:35   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
08/03/2018 18:01:35   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: CYANKA.EXE , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 18:04:34   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 18:04:34   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
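
As an added example (not part of the original post and not McAfee tooling), the Python below parses the "Action Taken on File" lines in the format shown in the log above and reports files that were actioned more than once, which is how a file that keeps reappearing after a Clean shows up. The function names are hypothetical, the DD/MM/YYYY date order is an assumption, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log in the post above; the first one is non-action noise.
SAMPLE_LOG = r"""
07/03/2018 23:24:01   mfeatp(12940.15208) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
07/03/2018 23:24:34   mfeatp(12940.204) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 07:15:32   mfeatp(12940.2808) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 15:41:04   mfeatp(12940.1640) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
08/03/2018 18:01:35   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
"""
ACTION_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+mfeatp\(\d+\.\d+\) <SYSTEM> "
    r"Orchestrator\.Action\.Activity: Action Taken on File (.+?) "
    r"with reputation (\d+) is: (\w+)\s*$"
)
STARTUP_DIR = r"\start menu\programs\startup" + "\\"  # per-user Startup folder

def parse_actions(text):
    """Yield (timestamp, path, reputation, action) for each 'Action Taken' line."""
    for line in text.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            # Assumption: timestamps are DD/MM/YYYY, as the log's day rollover suggests.
            ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), m.group(4)

def recurring_detections(text, min_hits=2):
    """Group actions by file path; keep files actioned at least min_hits times."""
    hits = defaultdict(list)
    for ts, path, rep, action in parse_actions(text):
        hits[path.lower()].append((ts, rep, action))
    report = {}
    for path, events in hits.items():
        if len(events) >= min_hits:
            times = sorted(ts for ts, _, _ in events)
            report[path] = {
                "count": len(events),
                "first": times[0], "last": times[-1],
                "actions": sorted({a for _, _, a in events}),
                "in_startup_folder": STARTUP_DIR in path,
            }
    return report

if __name__ == "__main__":
    for path, info in recurring_detections(SAMPLE_LOG).items():
        print(f"{info['count']}x {path} {info['first']} -> {info['last']} "
              f"actions={info['actions']} startup={info['in_startup_folder']}")
```

A file that is reported as Clean repeatedly at the same path, especially one in the Startup folder, is being rewritten between scans, so the process or logon item that recreates it is the thing to find.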