so my second question and I have again to say that you are a great forum and helping me a lot.
When I do my queries und my automatic response for unhandled threats I get these events very often:
- 1051 "Password protected file"
- 1059 "Scan timed out"
Now I have googled for these events and I often read, I should deactive the Events in the "Event filtering" configuration. Is this really the correct way?
For 1051, I think it is because McAfee will never be able to scan a Passwort protected file. But what about 1059? Are there better ways to handle that?
Thanks for your help.
Yes u have to deactivate those event IDs(1051&1059)
1059-Scan Time Out is generally the OAS will scan the files which are currently in use .if the scanning will take longer time then the OAS will restart itself and release the file or peocess
for this u need to exclude all the critical applications running on ur environment. so that u can avoid the scan time out error .
Thanks and Regards