Article Number: 000189881
Продукти, на які впливають:
Dell Endpoint Security Suite для підприємств
Впливає на такі версії:
від 2.8 до 2.9
Малюнок 1: (Лише англійською мовою) Оповіщення в консолі сервера
Події в C:\Programdata\Dell\Dell Data Protection\DellAgent.log
може мати записи, подібні до цього:
[04912] (00008) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfefw.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewc.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00004) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00004) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfeesp.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.
Об'єкт McAfee SelfProtection_Activity.log
можуть містити такі записи:
mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEWC.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEESP.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEFW.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9900) ApBl.SP.Activity: SPRINGSCREATIVE\jcampbe-la ran IE4UINIT.EXE, which tried to access HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS, violating the rule "Web Control - Protect plug-in registry keys and values", and was blocked. For information about how to respond to this event, see KB85494.
Сертифікат підпису від McAfee не відповідає сертифікату Cylance і потребує оновлення.
Проблему вирішено в Dell Endpoint Security Suite Enterprise v3.0 для Windows.
Щоб зв'язатися зі службою підтримки, зверніться за номерами телефонів міжнародної служби підтримки Dell Data Security.
Перейдіть до TechDirect , щоб згенерувати запит на технічну підтримку онлайн.
Щоб отримати додаткову інформацію та ресурси, приєднуйтесь до форуму спільноти Dell Security Community.
Dell Endpoint Security Suite Enterprise
15 Dec 2022
7
Solution