cancel
Showing results for 
Search instead for 
Did you mean: 

Switched off Server sending out Virusscan Alerts

I am getting in ePO Malware alerts (AV.PUP) from a machine that investigations show is not switched on. The machine in question is a virtual system, used for cloning Citrix servers, that is switched off. I am getting the same 4 ePO alerts around the same time every day (5 in the morning) with the same event IDs ( 16890369, 9615617, 2341121,7519233) with an Event Generated Time of 30/12/99 00:00:00. I have no idea what is sending out these events and I cannot think how I can diagnose what is. Does anyone have any idea where I can start?
3 Replies
Highlighted
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Switched off Server sending out Virusscan Alerts

Hi User62974384,

My first thought on this post was, duplicate devices or McAfee Agent implementation.

As these are 'virtual' devices, how did you install the McAfee agent?
(Any switches used, please list them here)
Likewise, what version of MA are you using please?

With regards to 'duplicates', if you use ePOs quick find for the device how many returns do you get? 1 or ....?

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Reliable Contributor Daniel_S
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: Switched off Server sending out Virusscan Alerts

My guess on this is that you have a duplicate GUID not necessary seen as duplicate system in the tree...

Maybe check that with a query and do a maconfig -enforce -noguid

Could also be IP / DNS related.

Best regards
Dan
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Switched off Server sending out Virusscan Alerts

Is there anything that happens at 5 am in the morning when those alerts go out?  Is the alert configured to show IP or mac address of the system also?  Is that system reimaged at that time or used to bring up another image?  It is possible if that is the case, the original image has those pup files and every time it is reimaged or brought back up new, those same files may exist still. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community