cancel
Showing results for 
Search instead for 
Did you mean: 

VirusScan is disabled or scan is ended?

Jump to solution

Hi all.

There is rule, that detect VSA propably is disabled.

I have in log only "ops.service.end, ID: 1065" and I can't check it on the host system.

Due to McAfee KB: 

1065Service endedInformational

 

So, the scan is ended or VSA is disabled? Or it can be both?

1 Solution

Accepted Solutions
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

Dear@Schopenhauer 

Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.

1064OASSEVERITY_INFORMATIONALops.service.startNone257InformationService was started.
1065OAS SEVERITY_INFORMATIONAL ops.service.endNone257InformationService ended.
1067 ODSSEVERITY_MINORops.service.errorNone258 WarningTask failed to start.
Venu
3 Replies
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

@Schopenhauer It is an informational event related to On Access Scan which doesn't mean that your VSE become dormant.

I would like you to perform an EICAR test to confirm that your VSE is active by following the KB article KB59742.

Hope this helps your question.

Venu

Re: VirusScan is disabled or scan is ended?

Jump to solution
Thank you.
But where is the information about that this event is related to On Access Scan? Because I tried to find and no luck. On McAfee KB there is just short description without any specifics aka "service is disabled", but what service, I did not find it.
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

Dear@Schopenhauer 

Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.

1064OASSEVERITY_INFORMATIONALops.service.startNone257InformationService was started.
1065OAS SEVERITY_INFORMATIONAL ops.service.endNone257InformationService ended.
1067 ODSSEVERITY_MINORops.service.errorNone258 WarningTask failed to start.
Venu
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community