Im seeing this event in my CSAMC. Can someone tell me what it is doing and should an exception be created for this?
The 'Alert Manager Event Interface' service logged event code 257 into the application event log: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from COMPUTERNAME IP x.x.x.x user SYSTEM running VirusScan Enter 8.0 OAS)
I'd look at the event log on the machine in question first. It sounds like Alert manager is failing.
Take a look at this:
Hi Adam, I'm not sure without actually seeing the machine.
It sounds like CSA is just logging the event, not causing it.
I'd look at the Alert Manager settings on the machine(s) to see if they are configured correctly.
Is this just one machine or all?
Hey Tom, in doing some additional research turned out that our McAfee agent lost communication with the ePO server. That message that I was seeing was probably a notification of just that, cant establish comms with the server.