Rudder88
Level 7
Message 1 of 3

ePO Threat Events - Source vs. Target

We are looking at specific threat events, and I was hoping to get more clarity on how the Threat Source / Target fields are populated.  This is for a network where Host A is ePO connected, and Host B is not ePO connected.

Host A reported an event, showing Host B as Threat Source, and Host A as Threat Target. 

A few specific questions arise:

1. Must Host B be running a McAfee AV product for Host A to flag the event?

2. What mechanism does McAfee use when assigning values to these fields, i.e. what criteria does McAfee use to determine what the Threat Source is?

3. What would the best way be to interpret a situation where the Threat Source is different from the Threat Target?  e.g. Is Host B trying to spam malware across the network?  Are detection events just forwarded to Host A and flagged in ePO as such, since Host B is not connected to ePO?

4. Which log file would give the most details about these threat events? 

Would appreciate any information / detail that would clarify any of the above points, thanks!

Accepted Solutions
rackroyd
McAfee Employee
Message 2 of 3

Re: ePO Threat Events - Source vs. Target

My apologies, but these are really all questions that need to be answered in the group associated with the point product that is running the scanner - presumably either ENS or VSE?

ePO only records the events, it does not create them.

Events are created by the locally installed scanner, then passed through the McAfee Agent to the ePO server.

If you can post to whichever point-product group is relevant to your installation, they should be better placed to help answer your questions.

Thx.





Rudder88
Level 7
Message 3 of 3

Re: ePO Threat Events - Source vs. Target

Yes that makes sense, thank you!