cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 13
‎06-26-2018 10:14 AM

Exploit Prevention Events - not showing all events

Jump to solution

Hello,

I have several systems generating EP events, but they are not displaying under Reporting --> Exploit Prevention Events. The last event to be reported was 05/30/18, but events on the client are being generated every day since. Any ideas?

 

 

2 people had this problem.
0 Kudos
Reply
2 Solutions

Accepted Solutions
ta11
Level 9
Report Inappropriate Content
Message 10 of 13
‎01-04-2019 03:46 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

This is clarified with support for now.

The Exploit Prevention Events menu is related to Buffer Overflow signatures (not FILES class) events.

rgds

T

View solution in original post

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 11 of 13
‎01-04-2019 04:34 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

Actually we do have it documented in the product guide:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27574/en_US/... 

Only Bufferoverflow and illegal API events are expected under Exploit Prevention Events.

View solution in original post

Reply
12 Replies
denn
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 13
‎06-26-2018 10:05 PM

Re: Exploit Prevention Events - not showing all events

Jump to solution

Have you tried to reinstall McAfee agent ? I have same issue, Agent communicating with ePO, receiving tasks but not reporting any events to ePO, After Agent reinstall issue was resolved.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 13
‎06-27-2018 11:06 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

Reinstalling the agent doesn't resolve the issue. Clients are sending events to ePO successfully, but Menu --> Exploit Prevention Events does not show any of the events after 5/30. If I create a manual query I can view all EP events. Furthermore, I receive an error when attempting to open any event currently under Menu --> Exploit Prevention Events. 

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 13
‎06-16-2021 08:19 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

Could you please tell me what steps you used to create the queries, new and just trying to get my footing. 

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 13
‎06-23-2021 10:17 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution
Greetings, could you please send me a personal message on your method of creating quires for EP events.
0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 6 of 13
‎07-18-2018 04:46 PM

Re: Exploit Prevention Events - not showing all events

Jump to solution
Did you validate if all events are being sent back to EPO. This can be done manually on the endpoint.


Also are you using default settings which only gather 'HIGH' mcafee-defined messages. There are stilll a plethora of messages classfied as 'LOW' and 'MEDIUM' which are not ticked/checked by default. Please take a look there in the configuration section and check the endpoint message uploads again from endpoint to the EPO.

0 Kudos
Reply
andy_judge
Level 10
Report Inappropriate Content
Message 7 of 13
‎12-04-2018 01:31 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

The issue is the events are appearing under the Threat Events section of the machine record in ePO just not appearing in the 'Exploit Prevention Events' section in the console.

So the events are reported in ePO & present in the DB somewhere, just not in the area that makes the creation of new exclusions simple.

 

 

 

Reply
ta11
Level 9
Report Inappropriate Content
Message 8 of 13
‎01-03-2019 04:05 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

Hi, I'm seeing the same issue. Exploit prevention events are received by ePO and viewable in threat events view, but not all are viewable in Exploit prevention events view. 

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 13
‎01-04-2019 03:12 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

I would recommend opening a support ticket for this issue. I've heard about it a few times but haven't been able to reproduce myself or see any escalations to our Dev team about this.

Generally speaking any EP events should go into that EP Events view.

What would be useful for support? 
If you know how to reproduce the issue, then find a client, reproduce the issue and gather the event xml file that's created locally (C:\ProgramData\McAfee\Agent\AgentEvents). This along with a MER from the client (ideally with ENS debug logging enabled) and screenshots from your ePO should help us.

0 Kudos
Reply
ta11
Level 9
Report Inappropriate Content
Message 10 of 13
‎01-04-2019 03:46 AM

Re: Exploit Prevention Events - not showing all events

Jump to solution

This is clarified with support for now.

The Exploit Prevention Events menu is related to Buffer Overflow signatures (not FILES class) events.

rgds

T

View solution in original post

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC