Event log flooding with McLogEvent 257

Hello,

Since I moved my 200 Windows XP systems to another, newer ePO server, the event logs of all the systems are flooding with McLogEvent 257.

"Would be blocked by access protection rule  (rule is in warn-only mode) (Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBs)."

In the Action Protection Log I see a lot of these entries:

9/06/2015	12:01:49	Would be blocked by Access Protection rule  (rule is currently not enforced)	%username%	C:\Program Files\Internet Explorer\iexplore.exe	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}	Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBs	Action blocked : Delete
9/06/2015	12:01:49	Would be blocked by Access Protection rule  (rule is currently not enforced)	%username%	C:\Program Files\Internet Explorer\iexplore.exe	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InprocServer32	Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBs	Action blocked : Create

Does somebody know how to stop this? (not by disabling the Anti-Spyware Protection warning mode on Prevent installation of new CLSIDs, APPIDs and TYPELIBs)

I am running Agent version 4.8 Patch 3 and VSE 8.8 Patch 4

Kind regards

2 Replies
exbrit
Level 21

Re: Event log flooding with McLogEvent 257

Moved to ePO for faster response.

---

Peter

Moderator

Re: Event log flooding with McLogEvent 257

Well, to stop it, you would add iexplore.exe in the "processes to exclude" portion of that AP policy; however, I would be a bit leery of just throwing IE into that rule if you are using that rule for something specific in your environment.
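
An added example, not part of the thread and not McAfee tooling: a Python script that tallies the warn-only entries in the Access Protection log per process and registry key, so you can see which entries an iexplore.exe exclusion would silence and which would still be reported. It assumes the log is tab-separated in the field order of the entries quoted above; the function names are hypothetical, and the third sample entry with its process path is constructed.

```python
import re
from collections import Counter

FIELDS = ["date", "time", "event", "user", "process", "target", "rule", "action"]
WARN = "Would be blocked by Access Protection rule  (rule is currently not enforced)"
RULE = "Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBs"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
KEY = r"\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}"
# Constructed sample: the two entries quoted in the post, plus one made-up entry
# from a hypothetical installer, joined with tabs (assumed log layout).
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ["9/06/2015", "12:01:49", WARN, "%username%", IE, KEY, RULE, "Action blocked : Delete"],
    ["9/06/2015", "12:01:49", WARN, "%username%", IE, KEY + r"\InprocServer32", RULE,
     "Action blocked : Create"],
    ["9/06/2015", "12:02:10", WARN, "%username%", r"C:\Temp\setup_example.exe",
     r"\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}",
     RULE, "Action blocked : Create"],
])

def parse(text):
    """Turn tab-separated log lines into dicts; skip blank or malformed lines."""
    rows = (line.split("\t") for line in text.splitlines())
    return [dict(zip(FIELDS, r)) for r in rows if len(r) == len(FIELDS)]

def guid_key(target):
    """Collapse a registry path to its CLSID/APPID/TYPELIB GUID key."""
    m = re.search(r"\\Classes\\(CLSID|APPID|TYPELIB)\\(\{[0-9A-Fa-f-]+\})", target, re.I)
    return m.group(1) + "\\" + m.group(2) if m else target

def summarize(entries, rule_text):
    """Count warn-only (not enforced) hits per (process, GUID key) for one rule."""
    hits = Counter()
    for e in entries:
        if rule_text in e["rule"] and "not enforced" in e["event"]:
            hits[(e["process"].lower(), guid_key(e["target"]))] += 1
    return hits

def exclusion_impact(hits, exe_name):
    """Split hits into those an exclusion for exe_name would silence and the rest."""
    suffix = "\\" + exe_name.lower()
    silenced = {k: n for k, n in hits.items() if k[0].endswith(suffix)}
    remaining = {k: n for k, n in hits.items() if k not in silenced}
    return silenced, remaining

if __name__ == "__main__":
    hits = summarize(parse(SAMPLE_LOG), "Prevent installation of new CLSIDs")
    silenced, remaining = exclusion_impact(hits, "iexplore.exe")
    for label, group in (("silenced", silenced), ("still logged", remaining)):
        for (proc, key), n in sorted(group.items()):
            print(f"{label:12} {n:4}  {proc}  ->  {key}")
```

Reviewing the "silenced" keys before adding the exclusion shows exactly which registry writes by iexplore.exe the rule would stop reporting.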