10-02-2007 10:02 AM
Im seeing this event in my CSAMC. Can someone tell me what it is doing and should an exception be created for this?
The 'Alert Manager Event Interface' service logged event code 257 into the application event log: VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from COMPUTERNAME IP x.x.x.x user SYSTEM running VirusScan Enter 8.0 OAS)
10-02-2007 10:11 AM
I'd look at the event log on the machine in question first. It sounds like Alert manager is failing.
Take a look at this:
Tom
10-02-2007 10:22 AM
Hey Tom, thanks for the prompt reply. Is CSA blocking this activity causing this alert from what you can tell?
Thanks,
Adam
10-02-2007 11:54 AM
Hi Adam, I'm not sure without actually seeing the machine.
It sounds like CSA is just logging the event, not causing it.
I'd look at the Alert Manager settings on the machine(s) to see if they are configured correctly.
Is this just one machine or all?
Tom
10-03-2007 04:30 AM
Hey Tom, in doing some additional research turned out that our McAfee agent lost communication with the ePO server. That message that I was seeing was probably a notification of just that, cant establish comms with the server.
Thanks again,
Adam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide