We have an environment of 220 computers managed by ePO Orchestrator; the versions deployed are VSE 8.8 patch 2 and Agent 4.6 patch 2. In November we prepared some test computers (5), changed the Artemis sensitivity from very low (the default) to high, and activated the check "scanning active processes" inside the real-time scanning options; see the attached image.
A few days later, many event 560 entries appeared, with access to McAfee objects, at exactly the same time. This makes the Windows security registry full and leaves a conventional user unable to log in. See the attached image.
I have had an incident open with McAfee since December, but to this day I have no solution yet. I would appreciate comments from someone who has been through this experience.
If I lower the sensitivity to very low, these events disappear.
Can someone help me? Can someone understand what is happening?
The normal sensitivity should be Medium. High and Very High are usually reserved for machines that you highly suspect are infected. However, I have to admit that I'm stumped why they would be correlated. I found this article and this one and this one from our knowledge base. If it were me, I'd do the following:
1. Uninstall VSE.
2. Reinstall VSE 8.8 patch 2.
4. Try again.
My thinking is that you might not actually be running patch 2. Or that you think you are but something might not be working right.
Either way, call support back and ask for escalation.
Thank you for the information. Well, I was thinking about the known bug with event 560, but this case is different. The known bug produced event 560 every "X" minutes continuously, and with patch 2 I could see that it was solved.
I tried reinstalling VSE 8.8 patch 2, with the same result.