Hi all.
There is rule, that detect VSA propably is disabled.
I have in log only "ops.service.end, ID: 1065" and I can't check it on the host system.
Due to McAfee KB:
1065 | Service ended | Informational |
So, the scan is ended or VSA is disabled? Or it can be both?
Solved! Go to Solution.
Dear@Schopenhauer
Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.
1064 | OAS | SEVERITY_INFORMATIONAL | ops.service.start | None | 257 | Information | Service was started. |
1065 | OAS | SEVERITY_INFORMATIONAL | ops.service.end | None | 257 | Information | Service ended. |
1067 | ODS | SEVERITY_MINOR | ops.service.error | None | 258 | Warning | Task failed to start. |
@Schopenhauer It is an informational event related to On Access Scan which doesn't mean that your VSE become dormant.
I would like you to perform an EICAR test to confirm that your VSE is active by following the KB article KB59742.
Hope this helps your question.
Dear@Schopenhauer
Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.
1064 | OAS | SEVERITY_INFORMATIONAL | ops.service.start | None | 257 | Information | Service was started. |
1065 | OAS | SEVERITY_INFORMATIONAL | ops.service.end | None | 257 | Information | Service ended. |
1067 | ODS | SEVERITY_MINOR | ops.service.error | None | 258 | Warning | Task failed to start. |
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA