Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 3

RecordLogs: Manually Disabling Access Protection

Hi Community,

I'm working with McAfee VirusScan Enterprise( and ePolicy Orchestrator (4.6.6) and was wondering:
1) Does McAfee log to EPO or to the local machine if the user manually disables access protection?

2) Is there a way to make McAfee produce a log for when protection is disabled or to generate a notification?

Essentially, I am trying to have the system track if for some reason at any point protection is disabled.


2 Replies
Level 21
Report Inappropriate Content
Message 2 of 3

Re: RecordLogs: Manually Disabling Access Protection

Moved provisionally to ePO for better handling.

Level 14
Report Inappropriate Content
Message 3 of 3

Re: RecordLogs: Manually Disabling Access Protection

My suggestion would be not to let the users disable access protection. It is one of those key features you want on. When configured correctly stops the ability to stop the on access scanner as well as protecting file and registry keys for the mcAfee products.

But I'm not aware of any way to log it. You might want to log when the services get started or stopped, or the scanner get started or stopped.

That can be logged in ePO by turning on the appropriate event type in Menu, Configuration, Server Settings, Event filter

Message was edited by: andrep1 on 10/10/13 11:28:19 EDT AM