These started appearing for me too - go to look for these magic policies that are tripping and nothing was there.
Found a link for the extension in a PDF file from mcafee's website and now the extension is loaded.
Trying to determine if this caused all the access protection entries - my SQL database went from 34gb to 170gb.
There are 70 million entries added since 1st of July (give or take)
Bitch of a job to run the SQL query to remove them....slow slow process.
At least since the install of the extension, my server is now more responsive and CPU sitting at 65% - before it was constantly 95+% from processing all these events as far as I can tell.
Looks like McAfee has created a KB article for this issue. They say it is safe to ignore. KB85155
Safe to ignore? From a threat perspective, perhaps. But its not safe to ignore the over 50,000 a day useless events being written to my McAfee DB. McAfee added rules to AP with no way to modify or disable the rules, and the "fix" is to ignore the problem?
This needs to be fixed urgently. The DAT Reputation rules should be removed from AP until there is a way to edit them. That is the only reasonable short term solution.
Agreed. The lackadaisical approach to their own mistake is quite concerning.
This problem has been taking up a lot of my time and all the extra noise these notifications generate can distract you from any real issues.
Agree - its pathetic.
The SQL database just spent 20+ hours deleting nearly 40 million rows
I still have 1092 turned off - planning to turn it back on this morning and monitor now that the extension is in place - hoping it doesnt cause the same problem, but still....there is no AP rule for VSE or DAT reputation to adjust to ignore CCMEXEC.EXE for those DAT triggers.
Intel Security has published an SNS notice regarding this issue.
Fixes are targeted for release to CommonUpdater3 on July 15th and to CommonUpdater on July 22nd.
As always, dates are tentative and could change.
My support ticket with McAfee on this issue was just closed as a PER (Product Enhancement Request).
If you are having issues with McAfee DAT reputation adding rules to your Access Protection policies without a way to edit them, and this is causing an undesirable outcome please be sure to open a support ticket with McAfee on the issue so that this "request" can be properly prioritized by McAfee.