We have 16 servers which are continuously being blocked by Access Protection from McAfee in relation to the HP Insight Foundation Agents process 'CQMGHOST.exe' and as per the article from McAfee https://kc.mcafee.com/corporate/index?page=content&id=KB87659 and various support calls they are stating this is an HP issue and HP will need to provide a fix\exclusion list to resolve this.
Has anyone else experienced this issue, and how have you resolved it, as we are being shunted between McAfee and HP at the moment?
I've had the same runaround when I had the problem, posted a question here as well. Eventually ran the profiler and was able to block the reporting via McAfee eventually. Permanent solution was to get rid of the HP devices causing the problem, since it was very old HW.
My request for the log entry wasn't meant as a runaround, but to ensure the exclusion was entered properly. We are more than willing to assist in getting it working for you.
I realize this, and you provide great information to folks. Just letting the person know what I encountered and how I eventually resolved the problem. An exclusion did eventually resolve the issue, as well as getting rid of the obsolete HW.
The blocked "CQMGHOST.exe" access protection events are fixed by HP.
We initially had an issue with 'CQMGHOST.exe' in our QA environment. This generated up to 6 million events each day. The only fix that I had at that time was to disable the rule. This issue just surfaced in my production environment and wreaked havoc with my database. The update that was provided by HP seems to resolve the issue (finally.)
Do you have any idea as to what could possibly have triggered the issue with 'CQMGHOST' generating such a huge amount of events?
It's been a while and I no longer remember what it was doing every 10 seconds or more to generate the alerts. I have no idea as to whether the latest HP patch fixes the problem. We got rid of the HP HW causing the problem.
We would have to see the log and get more info from HP for why it would mess with McAfee services, if that is what it was doing. Some products just check for permissions to do things on the system without actually doing anything. It all depends on the product. However, instead of disabling the rule, you could add that process as an exception to the rule.