1 Reply. Latest reply: Oct 31, 2013 9:24 AM by Scott Sadlocha

    VSE OAS detecting DLP related files


      Hi All, I am currently migrating agents from an ePO 4.5 with HDLP9 and VSE8.8 to an ePO 4.6 with HDLP 9.2 and VSE8.8.


      Something I've noticed since migrating is a handful of OAS detections on a handful of agents, all pointing to files within a path similar to the following:


      C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-3050\TeFilesOutput\1\EMB1658.tmp




      C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp\S-1-5-21-1343024091-1614895754-682003330-6032\TeFilesOutput\2\EMBD1F5.tmp

      Malware (av.pup)






      Does anybody have any ideas on what's causing this? It's causing an unusually high count of detections, but they've all got Malware types associated with them and automatic resolutions.

        • 1. Re: VSE OAS detecting DLP related files
          Scott Sadlocha

          It looks like this question has been out there for a while. My company recently implemented McAfee, and we are seeing this type of activity as well. It looks as if the threats are all in the C:\Documents and Settings\All Users\Application Data\McAfee\DLP\Temp folder structure. We are seeing several different threats indicated, some that I wouldn't expect to see in this location (Java Exploit CVE-2012-1723 is one). Does anyone have any information on this?