We are using McAfee ePO at our organization, which also has DLP. We are facing a problem of machines reporting empty CD/DVD threat events (19115/19116). Our vendor says this is a McAfee bug, but I can't find any reference to this bug online. We don't want ePO to generate threat events every minute when there is no CD or DVD inserted. These threat events total more than 100K per day, which makes it impossible to identify actual threat events. We also cannot purge these, because if we purge event IDs 19115 and 19116, actual threat events like USB inserted or CD inserted will also be purged.
In this case, both plug and unplug events (19115 and 19116) are appearing every 1 minute from each machine. They are reported as an empty CD/DVD drive, that is, even when no CD is inserted. If these event IDs are filtered out, then actual threat events related to USB plug etc. will also be filtered. If anyone has encountered this problem earlier, please provide a solution.