We are using McAfee ePO at our organization, which also has DLP. We are facing a problem of machines reporting empty CD/DVD threat events (19115/19116). Our vendor says this is a McAfee bug, but I can't find any reference to this bug online. We don't want ePO to generate threat events every one minute when there is no CD or DVD inserted, and these threat events total more than 100K per day and thereby make it impossible to identify actual threat events. We also cannot purge these, because if we purge event IDs 19115 and 19116, actual threat events like USB inserted or CD inserted will also be purged.
In summary, you can filter those events from being sent to the ePO in the first place by deselecting event ID 19116 from the Event Filtering option under Server Settings in ePO.
In this case both plug and unplug events (19115 and 19116) are appearing every 1 minute from each machine. And it is reported as an empty CD/DVD drive, that is, even when no CD is inserted. If these event IDs are filtered out, then actual threat events related to USB plug etc. will also be filtered. If anyone has encountered this problem earlier, please provide a solution.