cancel
Showing results for 
Search instead for 
Did you mean: 

help on filename extraSAEne.rul

I have been getting the logs with event name Access protection rule voilation detected and blocked for filename  extraSAEne.rul with message prevent prevent modification of McAfee files and settings, will be thankful if anyone can help me in uderstanding the legitimacy of the event.

6 Replies

Re: help on filename extraSAEne.rul

If it's trying to modify McAfee files without you requesting it, it can't be good.

Run a full scan asap would be my first advice, it looks like a malicious software.

Re: help on filename extraSAEne.rul

Also if that is the file causing the issue post it on www.virustotal.com and post the results.

Scan also with stinger and run getsusp with your email in the preferenves so it can submit the file to mcafee if it finds it suspicious or unknown.

McAfee Communities: Anti-Spyware, Malware & Hijacker Tools

I agree it sounds suspect.

exbrit
Level 21
Report Inappropriate Content
Message 4 of 7

Re: help on filename extraSAEne.rul

That name extraSAEne.rul,  the SAE therein sound like SiteAdvisor Enterprise.   Is that what you are using?

Hayton
Level 18
Report Inappropriate Content
Message 5 of 7

Re: help on filename extraSAEne.rul

Access Protection rules are a part of VirusScan Enterprise. From KB52204 :

The VSE Access Protection feature prevents unwanted changes to your computer by restricting access to specified ports, files and folders, shares, and registry key values. It also protects McAfee processes and services by preventing users from modifying or stopping them.

Moved from Consumer section to Business --> EndPoint Security --> VirusScan Enterprise.

Re: help on filename extraSAEne.rul

Actually those rules and settings are part of any of the following suites: McAfee All Access, McAfee Total Protection, McAfee Internet Security, McAfee Antivirus Plus.

exbrit
Level 21
Report Inappropriate Content
Message 7 of 7

Re: help on filename extraSAEne.rul

I haven't been able to find such files on any of my consumer installations and they don't have rules anyway, not ones that can be input at any rate.