Dell Endpoint Security Suite Enterprise und McAfee geben möglicherweise bei jedem Start eine Warnmeldung CylanceSvc.exe aus.

Betroffene Produkte:

• Dell Endpoint Security Suite Enterprise

Betroffene Versionen:

• Version 2.8 bis 2.9

Die Ereignisse in der C:\Programdata\Dell\Dell Data Protection\DellAgent.log kann Einträge enthalten, die denen ähneln:

 [04912] (00008) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfefw.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewc.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00004) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00004) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfeesp.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

Der McAfee SelfProtection_Activity.log kann Einträge wie die folgenden enthalten:

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEWC.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEESP.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEFW.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9900)  ApBl.SP.Activity: SPRINGSCREATIVE\jcampbe-la ran IE4UINIT.EXE, which tried to access HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS, violating the rule "Web Control - Protect plug-in registry keys and values", and was blocked. For information about how to respond to this event, see KB85494.

Das Signaturzertifikat von McAfee erkennt das Cylance-Zertifikat nicht an und erfordert ein Update.

Das Problem wurde in Dell Endpoint Security Suite Enterprise 3.0 für Windows behoben.

Nutzen Sie zur Kontaktaufnahme mit dem Support die internationalen Support-Telefonnummern von Dell Data Security.
Gehen Sie zu TechDirect, um online eine Anfrage an den technischen Support zu erstellen.
Zusätzliche Einblicke und Ressourcen erhalten Sie im Dell Security Community Forum.