Dell Endpoint Security Suite Enterprise и McAfee могут оповещать CylanceSvc.exe при каждой загрузке

Затронутые продукты:

Dell Endpoint Security Suite Enterprise

Затронутые версии:

С версии 2.8 до 2.9

Рис. 1. (только на английском языке) Оповещение в консоли сервера

События в C:\Programdata\Dell\Dell Data Protection\DellAgent.log могут иметь записи, подобные этому:

 [04912] (00008) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfefw.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewc.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00004) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00004) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfeesp.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

Сочетание клавиш McAfee SelfProtection_Activity.log могут иметь следующие записи:

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEWC.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEESP.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEFW.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9900)  ApBl.SP.Activity: SPRINGSCREATIVE\jcampbe-la ran IE4UINIT.EXE, which tried to access HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS, violating the rule "Web Control - Protect plug-in registry keys and values", and was blocked. For information about how to respond to this event, see KB85494.

Сертификат подписи McAfee не соответствует сертификату Cylance и требует обновления.

Эта проблема решена в Dell Endpoint Security Suite Enterprise версии 3.0 для Windows.

Чтобы связаться со службой поддержки, см. Номера телефонов международной службы поддержки Dell Data Security.
Перейдите в TechDirect, чтобы создать запрос на техническую поддержку в режиме онлайн.
Для получения дополнительной информации и ресурсов зарегистрируйтесь на форуме сообщества Dell Security.