cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 6
‎10-08-2008 08:10 AM

Way to be alerted about when the OAS is disabled

We are wanting to know if it is possible to get email alerts from EPO when say a virus/user has disabled the On-Access Scanner and that it did not get re-enabled?

In our environment, we allow the user to temporarily disable the OAS for 30 minutes until the EPO policy re-enables it. We are aware that a lot of viruses/trojans will run scripts to disable the OAS. We want to get alerts from EPO to get notified when this occurs.

We do currently get "notification" alerts from EPO about when systems get a virus.
0 Kudos
Reply
5 Replies
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 6
‎10-08-2008 08:36 AM

RE: Way to be alerted about when the OAS is disabled

Well, I think I found my answer on the McAfee knowledgebase. Acticle KB41896

It states that you can't get alerted when a user manually disables the OAS. The "On-Access Scanner is disabled" selection under the notification rules is for a malfunction/threat. That explains why it did not send an alert when I manually disabled the OAS on a test workstation.

Not too sure how to test a malfunction/threat to see if it will send the alert.
0 Kudos
Reply
tonyb99
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 6
‎10-09-2008 01:11 AM

RE: Way to be alerted about when the OAS is disabled

kill mcshield from the system services on a remote machine and see if it generates a notification
0 Kudos
Reply
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 6
‎10-09-2008 07:00 AM

RE: Way to be alerted about when the OAS is disabled

I have tried to do what you suggested by ending the Mcshield process. I had to modify the access protection rules to allow for mcshield to be removed. This I done using task manager.

It does not seem to send out the alert. Have you managed to get alerts from your EPO 3.6.1 this way? We do get alerts about viruses being detected and users that might uninstall the epo agent etc.
0 Kudos
Reply
tonyb99
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6
‎10-09-2008 07:15 AM

RE: Way to be alerted about when the OAS is disabled

tbh i dont even report on those events (have them filtered out) since all that crud with 8.5 starting and stopping all the time
0 Kudos
Reply
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 6
‎10-09-2008 08:33 AM

RE: Way to be alerted about when the OAS is disabled

Thanks.

It was my boss who wanting to find out if we could get those alerts. She has since told me not to pursue it any more.
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC