cancel
Showing results for 
Search instead for 
Did you mean: 

ENS Adaptive Threat Protection

Need to block below as its shows clean

 

07/03/2018 23:24:01   mfeatp(12940.15208) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
07/03/2018 23:24:34   mfeatp(12940.204) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
07/03/2018 23:24:34   mfeatp(12940.204) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 07:05:11   mfeatp(12940.13604) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 07:10:52   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 6508 , file path C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR
08/03/2018 07:10:58   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 5528 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 07:10:58   mfeatp(12940.7180) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7588 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 07:11:48   mfeatp(12940.14016) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 6508 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 9
08/03/2018 07:15:32   mfeatp(12940.2808) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 07:15:32   mfeatp(12940.2808) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 07:15:40   mfeatp(12940.13604) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 0 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 7
08/03/2018 07:15:42   mfeatp(12940.7228) <SYSTEM> Orchestrator.Action.Activity: Real Protect cloud found detection, detection name: Real Protect-SS!E953DAE987F0 in source process id: 0 , source path: c:\users\xxx\appdata\local\temp , source name: documento.scr , source hash: E953DAE987F0AFD5E66066E5A6792EA6 , reputation: 1  [Known Malicious] , source user:  , target user:  , action taken: Clean , content version: 1.0 , engine version: 10.4264
08/03/2018 15:40:19   mfeatp(12940.13432) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 15:40:44   mfeatp(12940.14820) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 14320 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 15:41:04   mfeatp(12940.1640) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
08/03/2018 15:41:04   mfeatp(12940.1640) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: CYANKA.EXE , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 15:41:45   mfeatp(12940.12912) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 14320 , file c:\users\xxx\appdata\roaming\microsoft\windows\start menu\programs\startup\cyanka.exe with reason id 7
08/03/2018 15:41:46   mfeatp(12940.9356) <SYSTEM> Orchestrator.Action.Activity: Real Protect cloud found detection, detection name: Real Protect-SS!E953DAE987F0 in source process id: 14320 , source path: c:\users\xxx\appdata\roaming\microsoft\windows\start menu\programs\startup , source name: cyanka.exe , source hash: E953DAE987F0AFD5E66066E5A6792EA6 , reputation: 1  [Known Malicious] , source user:  , target user:  , action taken: Clean , content version: 1.0 , engine version: 10.4264
08/03/2018 17:04:59   mfeatp(12940.7052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 17:04:59   mfeatp(12940.7052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 17:14:55   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7268 , file path C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR
08/03/2018 17:14:57   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 7972 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 17:14:58   mfeatp(12940.4572) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect cloud scanner will monitor process with process id 9220 , file path C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE
08/03/2018 17:15:49   mfeatp(12940.13564) <SYSTEM> Orchestrator.RepChangeListener.Activity: Real Protect cloud scanner trace complete for process id 7268 , file c:\users\xxx\appdata\local\temp\documento.scr with reason id 9
08/03/2018 17:25:07   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Starting service...
08/03/2018 17:25:07   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading Reputation-Unified component...
08/03/2018 17:25:15   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATP component...
08/03/2018 17:25:22   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATPMA component...
08/03/2018 17:25:23   mfeatp(7408.3288) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading RepairModule component...
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> atpbl.ATP.Activity: ATP version 10.5.3.3113
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Starting scan orchestrator
08/03/2018 17:25:24   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Adaptive Threat Protection is Enabled
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring AMCore update monitor
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring reputation scanner
08/03/2018 17:25:38   mfeatp(7408.3288) <SYSTEM> Orchestrator.JCM.Activity: System is not using proxy
08/03/2018 17:25:42   mfeatp(7408.3288) <SYSTEM> Orchestrator.JCM.Activity: Connectivity status is McAfee GTI Connectivity Only
08/03/2018 17:25:42   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring JTI scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring exclusions scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.OES.Activity: Configuring real protect scanner
08/03/2018 17:26:57   mfeatp(7408.3288) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 17:27:11   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Starting service...
08/03/2018 17:27:11   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading Reputation-Unified component...
08/03/2018 17:27:17   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATP component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading ATPMA component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Loading RepairModule component...
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> atpbl.ATP.Activity: ATP version 10.5.3.3113
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting scan orchestrator
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Adaptive Threat Protection is Enabled
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring AMCore update monitor
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring reputation scanner
08/03/2018 17:27:18   mfeatp(7832.9236) <SYSTEM> Orchestrator.JCM.Activity: System is not using proxy
08/03/2018 17:27:21   mfeatp(7832.9236) <SYSTEM> Orchestrator.JCM.Activity: Connectivity status is McAfee GTI Connectivity Only
08/03/2018 17:27:21   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring JTI scanner
08/03/2018 17:27:22   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring exclusions scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring real protect scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring DAC scanner
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting scan event handler
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting reputation change listener
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Starting config change listener
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Configuring AAC policy
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> Orchestrator.OES.Activity: Started scan orchestrator
08/03/2018 17:27:23   mfeatp(7832.9236) <SYSTEM> EPSERVICE.mfeatp.Activity: Service started successfully
08/03/2018 18:00:44   mfeatp(7832.6444) <SYSTEM> Orchestrator.RealProtect.Activity: Real Protect client scanner is Enabled and Real Protect cloud scanner is Enabled
08/03/2018 18:01:35   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\CYANKA.EXE with reputation 1 is: Clean
08/03/2018 18:01:35   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: CYANKA.EXE , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723
08/03/2018 18:04:34   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Taken on File C:\USERS\XXX\APPDATA\LOCAL\TEMP\DOCUMENTO.SCR with reputation 1 is: Clean
08/03/2018 18:04:34   mfeatp(7832.8052) <SYSTEM> Orchestrator.Action.Activity: Action Details::  File: DOCUMENTO.SCR , Mode: Enforce , Scanner: Real Protect Client , Detection Name: Real Protect-LS!e953dae987f0 , Reputation: 1  [Known Malicious] , ActionTaken: Clean  Rule id: 0 , Content Version: 1.0.0.723

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.