3 Replies Latest reply on Oct 23, 2014 2:54 AM by justav

    VSE Access Protection Blocking "System" and "NT Authority/System" for self protect rules

    Namster

      So I deployed VSE to an endpoint and it started triggering a lot of the self protect rules, anyone have any ideas as to why this system might be triggering so many events? My other systems don't throw these events.

       

      Detecting  Product Name:VirusScan Enterprise
      Detecting  Product Version:8.8
      Threat  Source Process Name:System
      Threat  Source URL:
      Threat  Target User Name:NT AUTHORITY\SYSTEM
      Threat  Target File Path:C:\Program Files\Common  Files\McAfee\SystemCore\entvutil.exe
      Event  Category:'File' class or access
      Event  ID:1092
      Threat  Severity:Notice
      Threat  Name:Common Standard  Protection:Prevent modification of McAfee files and settings
      Threat  Type:access protection
      Action  Taken:deny write
      Threat  Handled:TRUE
      Analyzer  Detection Method:OAS

       

      This is an example for one of the files, the other events list other mcafee files.