cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
MMJ
MMJ
Level 8
Report Inappropriate Content
Message 1 of 4
‎11-05-2018 10:46 PM

what logs show me that the user disable access protection and on-access?

Jump to solution

hello

i have an assistant who can disable and anable the VSE on clinets . so i want to know what logs not  reportes on dashboard show me whitch system he disable the access protection or on-access protection even for 1 min?

thank you

0 Kudos
Reply
1 Solution

Accepted Solutions
johma
McAfee Employee johma
McAfee Employee
Report Inappropriate Content
Message 3 of 4
‎11-06-2018 02:43 AM

Re: what logs show me that the user disable access protection and on-access?

Jump to solution

HI MMJ, 

There are no logs that show who disabled OAS/Access Protection on a workstation or server. However, these settings are only accessible via the local console for VSE, on this basis you can say that the "logged in user" made the changes ( if they are not done by ePO).  If the user allows someone else to change these settings then maybe a discussion needs to be had around company policy etc.

However, also in the local console or via ePO you can set a password to "lockout" the local console and prevent users from making these changes.. I suggest this would be the best course of action at this point. 

Also, if the logged in user has a "restricted" or "user" account, they cannot make these changes by default as the cosole is locked out. Where the user has a local administrator account then you should set a password via policy to prevent an "admin" user from making changes.

In ePO, navigate to :

VirusScan Enterprise 8.8.0 > General Options Policies > My Default ( or assigned policy )

click the [Password Options] tab,  then select the option required and type/save the password, confirm password.
 
local VirusScan console:
Open console, select [Tools], [General Options], [Password Options] Tabs. Set as required and save.

 




Was my reply helpful?


If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
3 Replies
chealey
McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎11-06-2018 12:23 AM

Re: what logs show me that the user disable access protection and on-access?

Jump to solution

@MMJ The log files will not show you if Access Protection has been disabled or not. If it's disabled, you just won't see any new entries in the logs.

All VSE product logs can be found under %programdata%\Mcafee\DesktopProtection\Logs

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Reply
johma
McAfee Employee johma
McAfee Employee
Report Inappropriate Content
Message 3 of 4
‎11-06-2018 02:43 AM

Re: what logs show me that the user disable access protection and on-access?

Jump to solution

HI MMJ, 

There are no logs that show who disabled OAS/Access Protection on a workstation or server. However, these settings are only accessible via the local console for VSE, on this basis you can say that the "logged in user" made the changes ( if they are not done by ePO).  If the user allows someone else to change these settings then maybe a discussion needs to be had around company policy etc.

However, also in the local console or via ePO you can set a password to "lockout" the local console and prevent users from making these changes.. I suggest this would be the best course of action at this point. 

Also, if the logged in user has a "restricted" or "user" account, they cannot make these changes by default as the cosole is locked out. Where the user has a local administrator account then you should set a password via policy to prevent an "admin" user from making changes.

In ePO, navigate to :

VirusScan Enterprise 8.8.0 > General Options Policies > My Default ( or assigned policy )

click the [Password Options] tab,  then select the option required and type/save the password, confirm password.
 
local VirusScan console:
Open console, select [Tools], [General Options], [Password Options] Tabs. Set as required and save.

 




Was my reply helpful?


If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
0 Kudos
Reply
vnaidu
Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 4 of 4
‎11-06-2018 06:03 PM

Re: what logs show me that the user disable access protection and on-access?

Jump to solution

So far there are no logs that facilitates your requirements. However, you may create a query to check the list of machines along with the users where the Access Protection is in disabled state and could bring this report to your ePO dash board.

In addition, you may lock the console from the ePO with a password that would not allow the user to make any changes.

Go to ePO policies for VSE > VirusScan Enterprise 8.8.0 > General Options Policies > My Default ( customized policy for General Options )

click the [Password Options] tab,  then select the option required and type/save the password, confirm password.
 
This way you can control the user from making any changes to the vse console.
 
Cheers !!
Venu
Reply
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.