Block **\*.scr User Defined Access Protection Rule deny read when not set to block read

Ever since updating to VSE 8.8 Patch 7 I keep getting alerts through Automatic Responses triggered when this AP rule is violated. The problem is, events are coming in with "action taken: Deny read" when we do not have deny read set in that rule. This is causing a lot of unnecessary events to come through, and in turn it causes these machines to be quarantined. This never happened on VSE 8.8 patch 2, nor does anything come in with Deny Read on any machines still on patch 2. Is this a bug with Patch 7? It is causing a lot of unnecessary "panic" due to all these alerts coming in.

We are on Agent v4.8.0.1938, ePO server is 5.3.1 build 188, fully up to date with patches, latest VSE management and reporting extensions.

1 Reply
dmeier
Level 13
Message 2 of 2

Re: Block **\*.scr User Defined Access Protection Rule deny read when not set to block read

You'll want to reach out to support to determine the proper course of action.

You could either determine the source of the "trigger", or you can work to filter those events out. But that's about all I know about it.

- David