cancel
Showing results for 
Search instead for 
Did you mean: 

VirusScan is disabled or scan is ended?

Jump to solution

Hi all.

There is rule, that detect VSA propably is disabled.

I have in log only "ops.service.end, ID: 1065" and I can't check it on the host system.

Due to McAfee KB: 

1065Service endedInformational

 

So, the scan is ended or VSA is disabled? Or it can be both?

1 Solution

Accepted Solutions
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

Dear@Schopenhauer 

Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.

1064OASSEVERITY_INFORMATIONALops.service.startNone257InformationService was started.
1065OAS SEVERITY_INFORMATIONAL ops.service.endNone257InformationService ended.
1067 ODSSEVERITY_MINORops.service.errorNone258 WarningTask failed to start.
Venu
3 Replies
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

@Schopenhauer It is an informational event related to On Access Scan which doesn't mean that your VSE become dormant.

I would like you to perform an EICAR test to confirm that your VSE is active by following the KB article KB59742.

Hope this helps your question.

Venu

Re: VirusScan is disabled or scan is ended?

Jump to solution
Thank you.
But where is the information about that this event is related to On Access Scan? Because I tried to find and no luck. On McAfee KB there is just short description without any specifics aka "service is disabled", but what service, I did not find it.
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: VirusScan is disabled or scan is ended?

Jump to solution

Dear@Schopenhauer 

Please find the below table, which is described in the KB article KB52417, please note that McAfee uses the same event ID as microsoft uses for service stopped started or error etc.

1064OASSEVERITY_INFORMATIONALops.service.startNone257InformationService was started.
1065OAS SEVERITY_INFORMATIONAL ops.service.endNone257InformationService ended.
1067 ODSSEVERITY_MINORops.service.errorNone258 WarningTask failed to start.
Venu
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator