speaking about tags where to find tags for processes associated with VirusScan Enterprise and McAfee Agent?
also I noticed if you patch a server to vse p6, and do rdp connection to that server you will get threat event in the epo from that server that svchost is trying to terminate some mcafee process? is it risky to exclude svchost or just leave it as is and ignore the threats? I put the details of this on another discussion would you please comment on this either here or there.
Yes, all of our extensions are current. Our entire deployment is on the most recent version except for DLP (waiting for the version compatible with Windows 10 before going from 9.3 to 9.4)
We are currently having this memory leak issue in our environment. I don't see that anyone has posted a solution to this issue, however we've identified the source. I am going to open a support case and keep everyone posted.
In our organization we applied Patch 6 in hopes it would actually stabilize issues with memory leaks on 2003 servers running VSE 8.8.0 Patch 4. Symptoms we saw were noted here:
Per the article we've halted rootkit scanning and in addition we applied Patch 6, however the problem with non-pooled memory leaking seems to have accelerated rather than improved. Also the issue has spilled over to our 2008 and newer servers. For the time being we are going to disable Access Protection and open a case to see if we can find a resolution.
do you have blocked threat events? because I noticed Mfeb keeps increasing only when I have access protection blocked events, of course if you disable the AP there will be no blocking at all but do we have to do that? or just allow the blocked one or just uncheck the blocking for the rule instead of disabling everything