Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

On an ePO 4.0 patch 5 (build 1298), VSE 8.7i p2 clients,

I'm getting a notification email alert each time we run a scheduled scan against workstations.  The event ID is 1038, Description: Scan found infected files.  When I check the log on the system that was scanned it is reporting cookie detections (e.g. Cookie-207 (Potentially Unwanted Program)) and/or infected files (eicar.com).  Our scheduled scan task "Reports" property "Alert when a cookie detection occurs" is unchecked.  In addition to this our 'Alert Policies', 'Alert Manager Alerts', 'Components that generate alerts', 'On-Demand scan and scheduled scans' is unchecked.

Does anyone else experience this behaviour?  Can you reproduce this behaviour?

Thanks,

4 Replies
McAfee Employee
Message 2 of 5

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

This is an issue with the VSE extension. Essentially the option is inverted (no means yes). Here is a KB:

https://kc.mcafee.com/corporate/index?page=content&id=KB52387

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Thanks for the reply.  Unfortunately that is not happening in this case.  Both the policy settings that affect alerts are correctly set in the ePO policy and on the client.  Also I've tested the policy setting both ways and the same behaviour occurs.

Cheers,

Message was edited by: RichardJC on 12/3/09 9:56 AM
Level 12
Message 4 of 5

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Through ePO, you can go into the server settings and uncheck "1038" in "Event Filtering"; this will stop the agent from sending this event to ePO. Other than that it would be a VSE setting. I am moving the thread to VSE for further help.


Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Hi Greg,

Thanks for the input.  I thought about using an event filter but we used to have this configured this way in our old ePO server.  The problem probably is with VSE so I've created a support call with McAfee.  We'll see where that goes.

Cheers...
