Are you talking about Access protection in MOVE or scanning issue with MOVE ?
I am talking about Access Protection-like behavior and events while using MOVE. We previously had VSE on servers. If an admin encountered a block, for instance, while installing a patch, I could go into Events in the ePO console for that device and see the event related to the block. However, since switching to MOVE Multi-Platform, it seems that there are no longer events like that. Do these type of events even occur with MOVE? I have looked at the device itself, the Offload Scan Server, and the SVA Manager. In all of these, if there is an actual threat event, I see it, but if there is a block from something like Access Protection, I am not seeing events. I hope this explains it better.
The access protection feature is not available in MOVE Multiplatform and hence you will not get any such block events.
I agree with rajinp,
move and VSE are two completely different products.
- OnAccess/OnDmenad scan (scriptscan)
- e-mail scan
- Buffer Overflow Protection
- Access Protection
- OnAccess Scan with the Move Agent
- OnDemand Scan with OSS.(Offload Scanner)
Therefore you can only see Threat Events with malware from Move Agent, no other events.
If you want more protection you can installed HIPS or Application Control on your server.
- HIPS: Replaces also an Buffer Overflow Protection (because HIPS uses generic buffer overflow instead of 20-30 "Signatures) in VSE)
- HIPS/Application Control: Memory Protection (if both are installed disable the Memory Protection Feature in Application control)
Hope this helps,
Thank you both! This is exactly the information I was looking for.