
McAfee Blocking McAfee Validation Trust Protection (mfevtps.exe); Also Full Path to SVCHOST.EXE In Exceptions?

I see this in our ePO server's threat events often. Is there any way to prevent this from filling our logs while keeping McAfee safe? Perhaps I should add SVCHOST.EXE to the rules exceptions?

Server ID:SECURITYAGENT
Event Received Time:5/5/16 7:16:57 AM
Event Generated Time:5/4/16 6:51:02 PM
Agent GUID:61EE361A-0D6A-11E6-1398-A0D3C126B3F2
Detecting Prod ID (deprecated):VIRUSCAN8800
Detecting Product Name:VirusScan Enterprise
Detecting Product Version:8.8
Detecting Product Host Name:ComputerName01
Detecting Product IPv4 Address:192.168.1.154
Detecting Product IP Address:192.168.1.154
Detecting Product MAC Address:
DAT Version:
Engine Version:
Threat Source Host Name:_
Threat Source IPv4 Address:192.168.1.154
Threat Source IP Address:192.168.1.154
Threat Source MAC Address:
Threat Source User Name:
Threat Source Process Name:C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Threat Source URL:
Threat Target Host Name:ComputerName01
Threat Target IPv4 Address:192.168.1.154
Threat Target IP Address:192.168.1.154
Threat Target MAC Address:
Threat Target User Name:NT AUTHORITY\SYSTEM
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
Event Category:'File' class or access
Event ID:1092
Threat Severity:Notice
Threat Name:Common Standard Protection:Prevent termination of McAfee processes
Threat Type:access protection
Action Taken:deny terminate
Threat Handled:True
Analyzer Detection Method:OAS

Events received from managed systems

Event Description:Access Protection rule violation detected and blocked

Also is it a better idea to add C:\WINDOWS\SYSTEM32\SVCHOST.EXE as an exception rather than SVCHOST.EXE, in case some malware names itself SVCHOST.EXE?


Re: McAfee Blocking McAfee Validation Trust Protection (mfevtps.exe); Also Full Path to SVCHOST.EXE

Hello,

Usually such events turn out to be false positives, but McAfee updates the rules regularly to strengthen the defensive actions. It depends on how many events you receive, but you can monitor them and take action if there is a larger amount. You can also set purge tasks to empty some of them if you are concerned about space.

Regarding the exceptions, it is always better to be as specific as you can to keep the risk lower.

In case the above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
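
The point about keeping exceptions specific, as an added example (not from the thread and not McAfee code): the script parses events in the field layout posted in the question and lists which source processes would still be reported under a name-only versus a full-path exclusion. The `is_excluded` matching rule and the second sample event are assumptions made for illustration, not VirusScan's actual matching logic.

```python
import ntpath

# Constructed sample events in the "Field:Value" layout from the question;
# the second event's source path is invented for illustration.
SAMPLE_EVENTS = r"""
Threat Source Process Name:C:\WINDOWS\SYSTEM32\SVCHOST.EXE
Threat Target File Path:C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
Threat Name:Common Standard Protection:Prevent termination of McAfee processes
Action Taken:deny terminate

Threat Source Process Name:C:\Users\Public\svchost.exe
Threat Target File Path:C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
Threat Name:Common Standard Protection:Prevent termination of McAfee processes
Action Taken:deny terminate
"""

def parse_events(text):
    """Split blank-line-separated events into dicts, cutting at the first ':'
    only, because paths and rule names contain colons themselves."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def is_excluded(process_path, exclusion):
    """Hypothetical matcher: an exclusion containing a backslash must equal the
    whole path; a bare name matches that file name in any directory."""
    path = ntpath.normcase(ntpath.normpath(process_path))
    excl = ntpath.normcase(exclusion)
    if "\\" in excl:
        return path == ntpath.normpath(excl)
    return ntpath.basename(path) == excl

def still_reported(events, exclusion):
    """Return the source process paths that would keep generating events."""
    return [e["Threat Source Process Name"] for e in events
            if not is_excluded(e["Threat Source Process Name"], exclusion)]

if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for excl in ("SVCHOST.EXE", r"C:\WINDOWS\SYSTEM32\SVCHOST.EXE"):
        print(excl, "->", still_reported(events, excl))
```

With the name-only exclusion both sample events are suppressed; with the full path, the copy outside `C:\WINDOWS\SYSTEM32` still shows up in the threat events.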