On an ePO 4.0 patch 5 (build 1298), VSE 8.7i p2 clients,
I'm getting a notification email alert each time we run a scheduled scan against workstations. The event ID is 1038, Description: Scan found infected files. When I check the log on the system that was scanned it is reporting cookie detections (e.g. Cookie-207 (Potentially Unwanted Program)) and/or infected files (eicar.com). Our scheduled scan task "Reports" property "Alert when a cookie detection occurs" is unchecked. In addition to this our 'Alert Policies', 'Alert Manager Alerts', 'Components that generate alerts', 'On-Demand scan and scheduled scans' is unchecked.
Does anyone else experience this behaviour? Can you reproduce this behaviour?
This is an issue with the VSE extension. Essentially the option is inverted (no means yes). Here is a KB:
Thanks for the reply. Unfortunately that is not happing in this case. Both the policy settings that effect alerts and correctly set in the ePO policy and on the client. Also I've tested the policy setting both ways and the same behaviour occurs.
Cheers,Message was edited by: RichardJC on 12/3/09 9:56 AM
Through ePO, you can go into the server settings and uncheck "1038" in "Event Filtering", this will stop the agent from sending this event to ePO. Other than that it would be a VSE setting. I am moving the thread to VSE for further help.
Thanks for the input. I thought about using an event filter but we used to have this configured this way in our old ePO server. The problem probably is with VSE so I've created a support call with McAfee. We'll see where that goes.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center