I found some event logs in our ePO server for some VSE events with a threat name in Chinese, which set off some big alarm bells.
Threat name - 反間諜軟體最大保護:防止從 Temp 資料夾執行指令碼
Anyone seen this before? It looks highly suspicious.
The fact that this threat name would be coming from a field in the event logs that is populated by the McAfee product itself, rather than information about a particular host, is kind of weird, unless McAfee has merged some content from a Chinese affiliate into their product.
Anti-spyware protection: prevent run scripts from the Temp folder
You may go into this rule and edit the settings or let it be as it is.
But that's not the point.
The point is why is there a "threat name" in Chinese in the first place? Did McAfee put that threat name in there or is this an indication that our VSE database has been compromised?