cancel
Showing results for 
Search instead for 
Did you mean: 
binny
Level 7
Report Inappropriate Content
Message 11 of 23

Re: DAT Reputation Message

Thanks for your answer wwarren. Much appreciated.

Reliable Contributor malware-alerts
Reliable Contributor
Report Inappropriate Content
Message 12 of 23

Re: DAT Reputation Message

Ended up opening a Service Request for this to get an 'official answer' and was told:

  1. McAfee is aware of the "issue"
  2. DEV is working on it.

No ETA for resolution as of yet.

damiafaw
Level 10
Report Inappropriate Content
Message 13 of 23

Re: DAT Reputation Message

These started appearing for me too - go to look for these magic policies that are tripping and nothing was there.

Found a link for the extension in a PDF file from mcafee's website and now the extension is loaded.

Trying to determine if this caused all the access protection entries - my SQL database went from 34gb to 170gb.

There are 70 million entries added since 1st of July (give or take)

Bitch of a job to run the SQL query to remove them....slow slow process.

At least since the install of the extension, my server is now more responsive and CPU sitting at 65% - before it was constantly 95+% from processing all these events as far as I can tell.

Reliable Contributor twenden
Reliable Contributor
Report Inappropriate Content
Message 14 of 23

Re: DAT Reputation Message

Looks like McAfee has created a KB article for this issue. They say it is safe to ignore. KB85155

McAfee KnowledgeBase - VirusScan Enterprise Access Protection logs a rule violation for the DAT Repu...

Highlighted

Re: DAT Reputation Message

Safe to ignore?  From a threat perspective, perhaps.  But its not safe to ignore the over 50,000 a day useless events being written to my McAfee DB.  McAfee added rules to AP with no way to modify or disable the rules, and the "fix" is to ignore the problem?

This needs to be fixed urgently. The DAT Reputation rules should be removed from AP until there is a way to edit them.  That is the only reasonable short term solution.

binny
Level 7
Report Inappropriate Content
Message 16 of 23

Re: DAT Reputation Message

Agreed. The lackadaisical approach to their own mistake is quite concerning.

This problem has been taking up a lot of my time and all the extra noise these notifications generate can distract you from any real issues. 

damiafaw
Level 10
Report Inappropriate Content
Message 17 of 23

Re: DAT Reputation Message

Agree - its pathetic.

The SQL database just spent 20+ hours deleting nearly 40 million rows

I still have 1092 turned off - planning to turn it back on this morning and monitor now that the extension is in place - hoping it doesnt cause the same problem, but still....there is no AP rule for VSE or DAT reputation to adjust to ignore CCMEXEC.EXE for those DAT triggers.

tomz2
Level 11
Report Inappropriate Content
Message 18 of 23

Re: DAT Reputation Message

All -

Intel Security has published an SNS notice regarding this issue.

Fixes are targeted for release to CommonUpdater3 on July 15th and to CommonUpdater on July 22nd.

As always, dates are tentative and could change.

Re: DAT Reputation Message

My support ticket with McAfee on this issue was just closed as a PER (Product Enhancement Request).  

If you are having issues with McAfee DAT reputation adding rules to your Access Protection policies without a way to edit them, and this is causing an undesirable outcome please be sure to open a support ticket with McAfee on the issue so that this "request" can be properly prioritized by McAfee.

Re: DAT Reputation Message

Has this been resolved for anyone?  We are still seeing the log messages.

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community