Erik
Level 9
Message 11 of 12

Re: McAfee Event Log Reporting

Well, to be honest, the far, far best way to prevent those log events is to prevent the event from occurring at all!

You see, you only allow severe events to be added to your Windows event log. The reason why this specific event is added to your event log therefore is because it's.... guess what.... severe! You are about to ignore all severe events, which I reckon is a bad thing to do: you would miss virus detections or failed updates as well. Better is to find out why the event is triggered and solve the source of it (best option), OR either create a correct exception in your application rule (second best option) or disable that specific application rule completely (third best).

apoling
Level 14
Message 12 of 12

Re: McAfee Event Log Reporting

Erik,

While I completely agree with most of what you wrote here, I must add that in my opinion the alerting feature is only a complementary solution to get informed about events in a centrally managed environment (although a good one). This feature was developed before central management and event collection, and as such rightly contained the function of using the local event logs.

In my opinion, with central management and event collection, sending alerts to the event logs might have less and less importance, especially in light of the fact that there is a separate Access Protection log on each client as well.

Now we'd have three different logging destinations for the same event, and considering that Access Protection seems to be quite productive at times, I'd say that alerting to the event log is really an option for the kind of users who want to ensure nothing avoids their attention.

Is there a way to further fine-tune which, e.g., severe events would get in the event log for a particular alerting source? I guess there isn't..

Message was edited by: Attila Polinger on 9/29/10 7:46:24 AM CEST