Hi all.
There is rule, that detect VSA propably is disabled.
I have in log only "ops.service.end, ID: 1065" and I can't check it on the host system.
Due to McAfee KB:
1065 | Service ended | Informational |
So, the scan is ended or VSA is disabled? Or it can be both?
Solved! Go to Solution.
Dear@Schopenhauer
Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.
1064 | OAS | SEVERITY_INFORMATIONAL | ops.service.start | None | 257 | Information | Service was started. |
1065 | OAS | SEVERITY_INFORMATIONAL | ops.service.end | None | 257 | Information | Service ended. |
1067 | ODS | SEVERITY_MINOR | ops.service.error | None | 258 | Warning | Task failed to start. |
@Schopenhauer It is an informational event related to On Access Scan which doesn't mean that your VSE become dormant.
I would like you to perform an EICAR test to confirm that your VSE is active by following the KB article KB59742.
Hope this helps your question.
Dear@Schopenhauer
Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.
1064 | OAS | SEVERITY_INFORMATIONAL | ops.service.start | None | 257 | Information | Service was started. |
1065 | OAS | SEVERITY_INFORMATIONAL | ops.service.end | None | 257 | Information | Service ended. |
1067 | ODS | SEVERITY_MINOR | ops.service.error | None | 258 | Warning | Task failed to start. |
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA