I'm working with McAfee VirusScan Enterprise(22.214.171.1245) and ePolicy Orchestrator (4.6.6) and was wondering:
1) Does McAfee log to EPO or to the local machine if the user manually disables access protection?
2) Is there a way to make McAfee produce a log for when protection is disabled or to generate a notification?
Essentially, I am trying to have the system track if for some reason at any point protection is disabled.
My suggestion would be not to let the users disable access protection. It is one of those key features you want on. When configured correctly stops the ability to stop the on access scanner as well as protecting file and registry keys for the mcAfee products.
But I'm not aware of any way to log it. You might want to log when the services get started or stopped, or the scanner get started or stopped.
That can be logged in ePO by turning on the appropriate event type in Menu, Configuration, Server Settings, Event filterMessage was edited by: andrep1 on 10/10/13 11:28:19 EDT AM