cancel
Showing results for 
Search instead for 
Did you mean: 

McLogEvent 257

Hi,

i have a Problem with Groupshield v6.0.2 (6.0.1148.100) and VirusScan Enterprise 8.5i

Every 1 minute is an entry in the eventlog:
Source: McLogEvent
Event ID : 257
Type: Information
User: NT-AUTORITÄT\SYSTEM

Blocked by access protection rule. Access to object \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner\McShield\Configuration\Default\ExcludedItem_0 was blocked by rule Common Standard Protection:Prevent modification of McAfee files and settings.

and in the AccessProtectionLog.txt is the following entry

08.10.2007 11:52:04 Blocked by Access Protection rule NT-AUTORITÄT\SYSTEM C:\Programme\Network Associates\McAfee GroupShield\bin\SAFeService.exe \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner\McShield\Configuration\Default\ExcludedItem_0 Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Create

Has anyone solution for this?


___________________
Cheers
Thomas


*sorry for my bad englisch*
Labels (1)
Tags (2)
4 Replies

Me, too

I am also encountering this issue. I presume it's not critical but it still clogs up my application event monitor. There's an entry like that in the log once every minute.

Any help?

RE: McLogEvent 257

I'm encountered this as well on a group of my servers. It applies to 8 servers.

1. They are all application servers.
2. They are in a container on our ePO server that contains unaffected computers.
3. They are able to poll externally to the McAfee HTTP source.
4. The servers function normally otherwise.
5. The only GPOs applied to that box are our Default Domain Policy, our Windows Update Policy, and our Default Server Policy. These GPOs are applied to all servers in our domain and not causing problems anywhere.
6. Communication will occur if we force the update from the ePO console on the ePO server, but not if we attempt the update from the affected server.

We are in the process of determining if these boxes are somehow sitting inside our DMZ, but we're unsure at the moment (large environment, takes a bit).

Ideas?
mchpis
Level 7
Report Inappropriate Content
Message 4 of 5

RE: McLogEvent 257

Anyone find a fix for this?

I have this happening on 3 of my Exchange servers.

Event Type: Information
Event Source: McLogEvent
Event Category: None
Event ID: 257
Date: 3/2/2009
Time: 4:18:17 PM
User: NT AUTHORITY\SYSTEM
Computer: Server name
Description:
Blocked by access protection rule. Access to object \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\DefaultTask\ExcludedItem_0 was blocked by rule Common Standard Protection:Prevent modification of McAfee files and settings.


Looks like something is trying to modify McAfee items and its blocking whatever it from doing it. Would be nice if they could somehow include the object thats trying to do the modifications.

Server running
Win2k3 sp2
Exchange 2003
Group Shield 6.02 (yeah it needs updated)
VSE/MAS 8.5 P7
McAfee Agent 4.0.0.1345

Thanks for any help!

-Keith
mchpis
Level 7
Report Inappropriate Content
Message 5 of 5

RE: McLogEvent 257

Did some digging at kc.mcafee.com and found this article and so far it seems to have solved the issue.

They must have forgotten to add the Safeservice.exe process to the exclude list of McAfee files and settings when they built the default settings for 8.5....

Here is the link to the article:

https://kc.mcafee.com/corporate/index?page=content&id=KB53652&actp=search&searchid=1236036946193
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community