We have faced the same issue before one month but we have faced DC problem and McAfee suggested us to to disable the scriptscan so what we have did is we have installed McAfee with script scan disabled using custom instrallation option on 2 problamatic server and we have monitored more than two weeks after that we didn't faced any issue so we have disabled script scan on all problamatic DC servers now our server is running perfectly ...test this idea on one of your machine and monitor it
Protection:Prevent termination of McAfee processes Action blocked : Terminate
1/9/2012 5:10:00 AM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\Windows\system32\conhost.exe C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
I'm unclear what processes you've excluded. We run LANDesk and also experienced this issue after I installed McAfee 8.8. I'm pretty sure I resolved it by adding the LANDesk process "StartAsUser.exe" to the Exclusion list on Access Protection Policies>Common Standard Protection>Prevent Termination of mcafee processes.
This might be of interest to you, second post:
This is how it works, setting an exclusion is the correct way of adddressing it or get in touch with LanDesk and ask them why the process seeks to aquire a terminate handle on the MFE process.
I work on Nitro SIEM. I saw 10,000 events of this type just in one day for ePO logginf to Nitro SIEM
C:\Program Files (x86)\RemotelyAnywhere\x64\RaMaint.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
ThreatName='Common Standard Protection:Prevent termination of McAfee processes' ThreatEventID='1092' ThreatType='access protection' ThreatActionTaken='deny terminate' ThreatHandled='1'
Although this was blocked by ePO, I am curious as to what needs to done be avoid such occurances. Why will RaMaint.exe try to terminate a McAfee process?
Thanks for your help in advance.