cancel
Showing results for 
Search instead for 
Did you mean: 

Threat Event log keeps showing same threat from users

Hi,

For soem reason our Threat Event Logs get filled up with a Malware threat from users C:\Program Files\Java\jre1.6.0_07\lib\rt.jar location, it says action taken none, threat handled false.

The users don't get any Mcafee virus popup, what is this and can I exclude it?

Thanks
6 Replies
tonyb99
Level 13
Report Inappropriate Content
Message 2 of 7

RE: Threat Event log keeps showing same threat from users

check oas logs on machine you will probably find a time out on scanning java files, up the timeout time or exclude them by pattern and location, or exclude timeouts from your events to be reported to epo

RE: Threat Event log keeps showing same threat from users

When I view the remote log file from ePo it shows nothing, where is te local log file kept on the users PC? In ePo it says "timed out" like you said.

You mention "exclude them by pattern and location" within ePo 4.5 where do I do this?

THanks in advance
tonyb99
Level 13
Report Inappropriate Content
Message 4 of 7

RE: Threat Event log keeps showing same threat from users



the onaccessscanlog.txt here:
C:\Documents and Settings\All Users\Application Data\Mcafee\VirusScan
not the agent log

to put exclusions in place you alter the polices for VSE
policy catalogue, vse enterprise xxx, etc etc etc

RE: Threat Event log keeps showing same threat from users

Thanks for finding the time to answer my question:

I've gone to:

Menu > Policy catalog >

Product = Virus Scan Enterprise 8.0
Category = ?

I have these to choose from but can see where to go with these to exclude the file in question:

On-Access General Policies
On-Access Default Processes Policies
On-Access Low-Risk Processes Policies
On-Access High-Risk Processes Policies
On Delivery Email Scan Policies
User Interface Policies
Alert Policies
Access Protection Policies
Buffer Overflow Protection
Unwanted Programs Policies
Quarantine Manager Policies
tonyb99
Level 13
Report Inappropriate Content
Message 6 of 7

RE: Threat Event log keeps showing same threat from users

On-Access Default Processes Policies exclusions section

RE: Threat Event log keeps showing same threat from users

Hi,

Not sure I have done this right, I added the file into the exclusions and will still get the timeout alerts.

In the "What not to scan" I put "jt.jar" exclude subfolders "no" read/write "read/right"

How to handle exclusions is ticked "Overwrite client exclusions. Only exclude items specified in this policy. "