2 Replies Latest reply on Jun 9, 2015 7:03 AM by fitchsoccer342

    Event log flooding with McLogEvent 257

    pieterjanolv

      Hello,

       

      Since I moved my 200 windows xp systems to another newer ePO server the event log of all the systemens are flooding with McLogEvent 257.

      "Would be blocked by access protection rule  (rule is in warn-only mode) (Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBs)."

       

      In the Action Protection Log I see alot of these entries:

       

      9/06/201512:01:49Would be blocked by Access Protection rule  (rule is currently not enforced)%username%C:\Program Files\Internet Explorer\iexplore.exe\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBsAction blocked : Delete
      9/06/201512:01:49Would be blocked by Access Protection rule  (rule is currently not enforced)%username%C:\Program Files\Internet Explorer\iexplore.exe\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ InprocServer32Anti-spyware Maximum Protection:Prevent installation of new CLSIDs, APPIDs and TYPELIBsAction blocked : Create

      Does somebody knows how to stop this? (not by disabling the Anti-Spyware Protection warning mode on Prevent installation of new CLSIDs, APPIDs and TYPELIBs)

       

      I am running Agent version 4.8 Patch 3 and VSE 8.8 Patch 4

       

      Kind regards