tesdall
Level 9
Message 1 of 12

McAfee Event Log Reporting

I'm getting a ton of event log errors:

"Would be blocked by access protection rule  (rule is in warn-only mode) (Anti-virus Maximum Protection:Protect phonebook files from password and email address stealers"

What do I need to do to turn these off?

11 Replies

Re: McAfee Event Log Reporting

Check your access protection settings.

Go to the Policy Catalog, select your VirusScan product, select category: Access Protection Policies, select your assigned policy for this category, edit settings.

Down the left side next to Access Protection Rules you'll see two boxes next to each other. Select Anti-virus Maximum Protection in the left side box, check the right box and make sure nothing is ticked next to "Protect phonebook files from password and email address stealers". If you notice, at the top of the right side box you see Block/Report/Rules; that is the header for what is listed below (they aren't lined up cleanly). I've attached a screenshot of what you should be seeing.

Regards,

Bob

tesdall
Level 9
Message 3 of 12

Re: McAfee Event Log Reporting

I still want those to be in the McAfee log. I don't want them in the event log.

apoling
Level 14
Message 4 of 12

Re: McAfee Event Log Reporting

Hello,

Please open the VirusScan Console and select Tools - Alerts. In the window that appears, uncheck "Access Protection" under "Components that generate alerts". Also check whether, on the Additional Alerting tab, the "Log to local application event log" checkbox in the Local Alerting section is set; if so, uncheck that too, to be sure.

Now I'm not sure if this is also a managed policy setting in ePO for VirusScan, but you can try the same there too.

Attila

Erik
Level 9
Message 5 of 12

Re: McAfee Event Log Reporting

Hello,

Please open the VirusScan Console and select Tools - Alerts. In the window that appears, uncheck "Access Protection" under "Components that generate alerts". Also check whether, on the Additional Alerting tab, the "Log to local application event log" checkbox in the Local Alerting section is set; if so, uncheck that too, to be sure.

Now I'm not sure if this is also a managed policy setting in ePO for VirusScan, but you can try the same there too.

Attila


Attila is right. This is the configuration you are looking for. And indeed the same settings are available in ePO, under the VirusScan Policies > User Interface Policies > Additional Alerting Options > UNCHECK Log to local application event log.

tesdall
Level 9
Message 6 of 12

Re: McAfee Event Log Reporting

I don't see it, maybe you can point it out to me.

Erik
Level 9
Message 7 of 12

Re: McAfee Event Log Reporting

Sorry I meant Alerting Policies, not User Interface....

tesdall
Level 9
Message 8 of 12

Re: McAfee Event Log Reporting

Even though these are my settings, it's still giving me a lot of stuff in my event log.

apoling
Level 14
Message 9 of 12

Re: McAfee Event Log Reporting

I think if you want alerts in your event log, but not that many, you won't be able to further reduce the number of them with these settings.

I recommend these options for you:

- Uncheck (i.e. disable) the "Log to local application event log", no matter what event severity you have set (also please check the distinction between workstation and server policy, whichever you want the new settings to be applied to). This stops logging to the local event log.

- Leave alerting options as they are, and go through all Access Protection rules (by workstation and server) and unify their settings so as to never use one of the options only, but always use both options (i.e. block AND report). This means where you now have "report" checked, you either check "block" as well or uncheck "report". Review the rules so no unnecessary rule is active.

- all of the above 🙂

Attila

Re: McAfee Event Log Reporting

Hmmm. The only place to filter what gets forwarded to the server event log is in server settings, event filtering, but those are event categories rather than specific rules. If you turn it off for a specific event category then you could be affecting other events of that category type you do want to see.

Presumably you have determined that what is currently triggering the alert is legitimate vs. something actually trying to do harm?

Regards,

Bob
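
For the rule review suggested in the replies above, it helps to know which report-only rules produce the volume before changing any of them. The following is an added example, not part of the original thread and not McAfee code: it tallies warn-only Access Protection messages per rule from exported Application event log message text, assuming the message shape quoted in the first post; the sample lines and the "Example Category" rule are constructed.

```python
import re
from collections import Counter

# Message shape taken from the event text quoted in the first post. The closing
# parenthesis is optional because the quoted text does not include one.
WARN_ONLY = re.compile(
    r"Would be blocked by access protection rule\s+"
    r"\(rule is in warn-only mode\)\s+"
    r"\((?P<category>[^:()]+):(?P<rule>[^()]+?)\)?\s*$",
    re.IGNORECASE,
)

def parse_warn_only(message):
    """Return (category, rule) for a warn-only message, or None for anything else."""
    m = WARN_ONLY.search(message.strip())
    if not m:
        return None
    return m.group("category").strip(), m.group("rule").strip()

def rank_warn_only_rules(messages):
    """Count warn-only hits per (category, rule), noisiest rule first."""
    counts = Counter()
    for msg in messages:
        key = parse_warn_only(msg)
        if key:
            counts[key] += 1
    return counts.most_common()

# Constructed sample input: the first post's message repeated, one message for a
# made-up rule, and one unrelated line that must be ignored.
PHONEBOOK = ("Would be blocked by access protection rule  (rule is in warn-only mode) "
             "(Anti-virus Maximum Protection:Protect phonebook files from password "
             "and email address stealers")
SAMPLE = [
    PHONEBOOK,
    PHONEBOOK + ")",
    "Would be blocked by access protection rule (rule is in warn-only mode) "
    "(Example Category:Example rule name)",
    PHONEBOOK,
    "Service started",
]

if __name__ == "__main__":
    for (category, rule), hits in rank_warn_only_rules(SAMPLE):
        print(f"{hits:4d}  {category}: {rule}")
```

Rules at the top of the ranking are the ones to decide on first: either enforce them (block and report) or clear the report box once the triggering activity has been confirmed as legitimate.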
