cancel
Showing results for 
Search instead for 
Did you mean: 

Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

On an ePO 4.0 patch 5 (build 1298), VSE 8.7i p2 clients,

I'm getting a notification email alert each time we run a scheduled scan against workstations.  The event ID is 1038, Description: Scan found infected files.  When I check the log on the system that was scanned it is reporting cookie detections (e.g. Cookie-207 (Potentially Unwanted Program)) and/or infected files (eicar.com).  Our scheduled scan task "Reports" property "Alert when a cookie detection occurs" is unchecked.  In addition to this our 'Alert Policies', 'Alert Manager Alerts', 'Components that generate alerts', 'On-Demand scan and scheduled scans' is unchecked.

Does anyone else experience this behaviour?  Can you reproduce this behaviour?

Thanks,

4 Replies
McAfee Employee jstanley
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

This is an issue with the VSE extension. Essentially the option is inverted (no means yes). Here is a KB:

https://kc.mcafee.com/corporate/index?page=content&id=KB52387

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Thanks for the reply.  Unfortunately that is not happing in this case.  Both the policy settings that effect alerts and correctly set in the ePO policy and on the client.  Also I've tested the policy setting both ways and the same behaviour occurs.

Cheers,

Message was edited by: RichardJC on 12/3/09 9:56 AM
McAfee Employee GWIRT
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Through ePO, you can go into the server settings and uncheck "1038" in "Event Filtering", this will stop the agent from sending this event to ePO. Other than that it would be a VSE setting. I am moving the thread to VSE for further help.

Re: Schedule Scan Sends Alert: 'Scan Found Infected Files' Contrary to Policy

Hi Greg,

Thanks for the input.  I thought about using an event filter but we used to have this configured this way in our old ePO server.  The problem probably is with VSE so I've created a support call with McAfee.  We'll see where that goes.

Cheers...

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.