This content has been marked as final. Show 8 replies
Customize that query to exclude any detections with BLANK as such:
Threat Name = Value is not blank
I also have it set so only VirusScan is the detecting product as such:
Detecting Product Name = VirusScan Enterprise
Thanks for the heads up.
I'l put in an exclusion on the detection but do we know why McAfee is reporting its own files as Viruses?
Have a look at the description for Events 1059 and 1051 and you'll see it's usually "Unable to scan, password protected" or "Unable to scan : timeout"
It is normal to see this as an alert as it means some files could not be scanned.
Now I have put filters on these two events on most of my reports and I've added specific report for these two events. There's nothing you can do about "password protected" (e.g. ZIP files) except forbid them throughout the company (which I don't have the power to do). As for timeouts, you may play with the VSE settings and increase the delays a bit...
Many thanks guys.
Added in the exceptions today and duplicated the reports as well just for blanks.
Easier way is to configure event filtering so that agents don't sent "scan timed out" events back to ePO server.
Configuration / Server Settings / Event Filtering...
Edit, tick "only selected events", and untick event 1059.
Phil thanks for the update, i'l consider that.
At the moment i would like to be able to keep an eye on the time-out's from time to time to make sure that the machines/users are not messing around with passworded zips as they shouldnt be.
Password protected files have another event code - 1051
haha bingo course they do! Event filtering time it is...
Meh another thing to the list to do sad lol