Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 3

Empty CD DVD threat events (19115/19116)

We are using McAfee ePO at our organization which has DLP also. We are facing a problem of machines reporting empty CD/DVD threat events(19115/19116). Our vendor says this is a McAfee bug, but I can't find any reference of this bug online. We don't want ePO to generate threat events every one minute when there is no cD or dvd inserted, and these threat events total to more than 100K per day and thereby makes it impossible to identify actual threat events. We cannot purge these also because if we purge event IDs 19115 and 19116 actual Threat events like USB inserted or CD inserted will also be purged.

2 Replies

Re: Empty CD DVD threat events (19115/19116)

check out this KB McAfee Corporate KB - Device Unplug events appear every 30 seconds in Incident Manager after install...

in summary you can filter those events from being send to the ePO in the first place, by deselecting event ID 19116 from the Event Filtering option under Server Settings in ePO.

Level 7
Report Inappropriate Content
Message 3 of 3

Re: Empty CD DVD threat events (19115/19116)

In this case both plug and unplug is 19115 and 19116 are appearing every 1 minute from each machines . And it is reported as empty CDDVD drive that is even when no cD is inserted. If these event IDs are filtered out, then actual threat events related to USB plug etc Will also be filtered. If anyone has encountered this problem earlier, please provide a solution.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center