Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1322 Views 9 Replies Latest reply: Jun 24, 2013 5:27 AM by vuilverwerking RSS
priyankay Newcomer 27 posts since
May 7, 2013
Currently Being Moderated

Jun 19, 2013 12:09 AM

Action Taken : : Access Denied

Hi All..,

 

In VSE, Threat  is detected but it didnt take any action on the virus.It showing "Access Denied

 

Why..??

 

Can any one explain me why this access denied is appearing..??

 

I am attaching the screenshots please find it..??

 

Any suggestions?

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Jun 19, 2013 2:53 AM (in response to priyankay)
    Re: Action Taken : : Access Denied

    Hi,

     

    possibly access denied is the primary/secondary action when a threat is found in the OAS, ODS or PUP Deaful, Low Risk or High Risk policy that these hosts receive. Please check it.

     

    (in your reply, please state the type and version of VSE, too)

     

    In certain other situation this error can also be returned, for example see KB60542.

     

    Attila

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    3. Jun 20, 2013 3:40 AM (in response to priyankay)
    Re: Action Taken : : Access Denied

    Could you prepare a query for those events so it also contains the following information:

     

    - Threat name

    - Threat category

    - Event category

    - Threat target/source file path (both if exist)

    - Action taken

    - Event Description

    - Analyzer Detection method.

     

    And upload a screenshot and the picture of it here.

     

    Thanks.

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    5. Jun 21, 2013 12:56 AM (in response to priyankay)
    Re: Action Taken : : Access Denied

    The threat target file path suggests that the .lnk could be on a non-local drive such as a remote drive or a CD-ROM, or on an otherwise unwriteable location/position, which might refuse deleting the file ( a .LNK cannot be cleaned just deleted) so it returns an access denied message which may be the response VSE gets and just passes on.

     

    Message was edited by: apoling on 21/06/13 07:56:02 CEST
  • vuilverwerking Newcomer 91 posts since
    Apr 27, 2006
    Currently Being Moderated
    6. Jun 21, 2013 7:18 AM (in response to priyankay)
    Re: Action Taken : : Access Denied

    Capture.JPG

    Capture.JPG


    -----------------------------------------------------------------------------------------------------------------------------------------
    Windows Server 2012, 2008 R2, 2003 R2  / Linux RedHat 4.0 Enterprise
    EPO Server 5.0.1
    EPO Agent 4.8 & 4.6
    VirusScan + AntiSpyware Enterprise 8.8i - Patch 2 & 3 Engine 5400 & 5600 (110 clients, 20 Servers)
    McAfee Security for Exchange 7.6
    LinuxShield 1.7
  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    7. Jun 24, 2013 3:53 AM (in response to vuilverwerking)
    Re: Action Taken : : Access Denied

    I'm uncertain about that the Blocking tab's configuration relates in some way to the "access denied" that OAS gives when neither of the actions defined can be performed.

    I was under the impression that "Blocking"  means that whenever there is a threat intorduced on a user's computer in a shared folder, then the "remote user"'s ID who has copied, etc. the file there with be assigned a "No Access" right on the share (for the time limit defined also here).

    What is your opinion?

  • vuilverwerking Newcomer 91 posts since
    Apr 27, 2006
    Currently Being Moderated
    8. Jun 24, 2013 5:25 AM (in response to Attila Polinger)
    Re: Action Taken : : Access Denied

    You are right Attila, just tested it with a EICAR file. It is not the Network Block.


    -----------------------------------------------------------------------------------------------------------------------------------------
    Windows Server 2012, 2008 R2, 2003 R2  / Linux RedHat 4.0 Enterprise
    EPO Server 5.0.1
    EPO Agent 4.8 & 4.6
    VirusScan + AntiSpyware Enterprise 8.8i - Patch 2 & 3 Engine 5400 & 5600 (110 clients, 20 Servers)
    McAfee Security for Exchange 7.6
    LinuxShield 1.7
  • vuilverwerking Newcomer 91 posts since
    Apr 27, 2006
    Currently Being Moderated
    9. Jun 24, 2013 5:27 AM (in response to priyankay)
    Re: Action Taken : : Access Denied

    Priyankay, what is the message you get on de client side?

    It has to be,

     

    Capture.JPG


    -----------------------------------------------------------------------------------------------------------------------------------------
    Windows Server 2012, 2008 R2, 2003 R2  / Linux RedHat 4.0 Enterprise
    EPO Server 5.0.1
    EPO Agent 4.8 & 4.6
    VirusScan + AntiSpyware Enterprise 8.8i - Patch 2 & 3 Engine 5400 & 5600 (110 clients, 20 Servers)
    McAfee Security for Exchange 7.6
    LinuxShield 1.7

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points