Article Number: 000189881
每次開機時,Dell Endpoint Security Suite Enterprise 和 McAfee 可能會在 CylanceSvc.exe 上發出警示
Summary: 搭配 McAfee 防火牆使用進階威脅防護時,每次開機時您都會看到警示,指出 Cylancesvc.exe 正在嘗試存取各種 McAfee 程式。 這些警示會根據警示設定產生電子郵件警示。
Article Content
Symptoms
注意:
- 截至 2022 年 5 月,Dell Endpoint Security Suite Enterprise 已達到維護結束的期限。Dell 已不再更新本文。如需更多資訊,請參閱 Dell Data Security 的產品生命週期 (支援結束/壽命結束) 原則。如果您對其他文章有任何問題,請聯絡您的銷售團隊或聯絡 endpointsecurity@dell.com。
- 請參考端點安全性,以取得有關目前產品的其他資訊。
受影響的產品:
Dell Endpoint Security Suite Enterprise
受影響的版本:
v2.8 至 2.9
圖 1:(僅限英文)伺服器主控台中的警示
中的事件 C:\Programdata\Dell\Dell Data Protection\DellAgent.log 可能有類似此內容的專案:
[04912] (00008) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfefw.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewc.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00004) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00004) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfeesp.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.
可使用 McAfee SelfProtection_Activity.log 可能有下列專案:
mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEWC.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEESP.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9896) ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEFW.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494. mfeesp(7716.9900) ApBl.SP.Activity: SPRINGSCREATIVE\jcampbe-la ran IE4UINIT.EXE, which tried to access HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS, violating the rule "Web Control - Protect plug-in registry keys and values", and was blocked. For information about how to respond to this event, see KB85494.
Cause
McAfee 的簽署憑證不尊重 Cylance 憑證,需要更新。
Resolution
此問題已在 Windows 適用的 Dell Endpoint Security Suite Enterprise v3.0 中解決。
如要聯絡支援部門,請參閱 Dell Data Security 國際支援電話號碼。
請前往 TechDirect,以線上產生技術支援要求。
如需更多深入見解與資源,請加入 Dell 安全性社群論壇。
Article Properties
Affected Product
Dell Endpoint Security Suite Enterprise
Last Published Date
15 Dec 2022
Version
7
Article Type
Solution