Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
341 Views 1 Reply Latest reply: Oct 31, 2013 9:24 AM by Scott Sadlocha RSS
townendk Newcomer 20 posts since
Oct 27, 2011
Currently Being Moderated

May 24, 2013 9:38 AM

VSE OAS detecting DLP related files

Hi All, I am currently migrating agents from an ePO 4.5 with HDPL9 and VSE8.8 to an ePO 4.6 with HDLP 9.2 and VSE8.8

 

Something I've noticed since migrating is a handful of OAS detections on a handful of agents, all pointing to files within a path similar to the following:

 

C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-3050\TeFilesOutpu t\1\EMB1658.tmp

Exploit-FCN!CVE2013-0422

Trojan

 

C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-6032\TeFilesOutpu t\2\EMBD1F5.tmp

Malware (av.pup)

PWCrack-Oracle

 

etc.

 

 

Does anybody have any ideas on what's causing this? It's causing an unusually high count of detections, but they've all got Malware types associated to them and automatic resolutions.

  • Scott Sadlocha Newcomer 40 posts since
    Jun 12, 2013
    Currently Being Moderated
    1. Oct 31, 2013 9:24 AM (in response to townendk)
    Re: VSE OAS detecting DLP related files

    It looks like this question has been out there for a while. My company recently implemented McAfee, and we are seeing this type of activity as well. It looks as if the threats are all in the C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp folder structure. We are seeing several different threats indicated, some that I wouldn't expect to see in this location (Java Exploit CVE-2012-1723 is one). Does anyone have any information on this?

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points