Those files are created/used by Adobe reader when you print PDF files from within IE. I don't remember now whether we started getting those notices when Adobe released Reader version 9 or when McAfee released VSE version 8.7.
Thanks for the reply!
I did a search with google last night before i got your post as i noticed the alerts were in the same format i.e.
C:\Documents and Settings\xxx.xxx\Local Settings\Temp\Z@Rxxx.tmp
I looked up z@Rxxx.tmp files and saw a forum relating these files with adobe reader.
I have VSE 8.5i so imagine its adobe reader 9 causes these alerts. Why does VSE 8.5i insist on blocking them if theyre harmless? no update from Adobe / McAfee??
Message was edited by: DSFC on 17/03/10 07:55:23 CDT
The access protection rule is "prevent common programs from running from temp folder", so apparently IE/Reader is creating the file and then trying to access it using permissions that include execute. You can define processes to exclude from the rule, but in this case the process is IE, not Reader, and letting IE run programs in the temp folder is risky. It would be nice if there was a way to exclude file names from access protection rules, not just processes. Then you could exclude files like Z@R*.*. I haven't had time to do any official dialog with McAfee (or Adobe) about this, I've just been ignoring the warnings. However, we only have 3 or 4 people that generate these warnings, and even then it is only 5-10 warnings once or twice a week.
What we propose to do is delete the records from the SQL database as we have over 300 alerts (over 3 days) it impairs our ability to check 'real' security threats.
I have recently started working in a Sixth form college (300+ users) and only just getting to grips with ePo 4.0 / VSE 8.5 and its okay for the most part. My real qualm is that you cant to my knowledge purge individual alerts or group of alerts using the web based interface (correct me if im wrong).
I just want ePo to be as streamlined as can be which to me atleast means scanning for threats in as short a time as possible.
again thanks for the reply
I went from ProtectionPilot, which was a stripped-down version of ePO 2 (I think), directly to ePO 4.5. In ePO 4.5, it looks like I can delete alerts from the web interface. However, with ePO 4.5 (perhaps 4.0 also), there may be other tools to filter the events, etc. Perhaps by creating custom reports. I haven't had time to learn/study all the features of ePO 4.5 since we are a small company and I do other things in addition to my IT duties.