Dell Endpoint Security Suite Enterprise 和 McAfee 可能会在每次启动时对CylanceSvc.exe发出警报

受影响的产品：

• Dell Endpoint Security Suite Enterprise

受影响的版本：

• v2.8 至 2.9

事件位于 C:\Programdata\Dell\Dell Data Protection\DellAgent.log 可能有类似于以下内容的条目：

 [04912] (00008) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfefw.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewc.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00004) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00004) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfeesp.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

 [04912] (00007) W AVAS : received Information threat protection event: BO=SP Id=1092
 [04912] (00007) W AVAS : NT AUTHORITY\SYSTEM ran C:\Program Files\Dell\Dell Data Protection\Advanced Threat Protection\CylanceSvc.exe, which attempted to access the process mfewch.exe, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

该 McAfee SelfProtection_Activity.log 可能包含如下条目：

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEWC.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEESP.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9896)  ApBl.SP.Activity: NT AUTHORITY\SYSTEM ran CYLANCESVC.EXE, which attempted to access MFEFW.EXE, violating the rule "Core Protection - Protect McAfee processes from unauthorized access and termination", and was blocked. For information about how to respond to this event, see KB85494.

mfeesp(7716.9900)  ApBl.SP.Activity: SPRINGSCREATIVE\jcampbe-la ran IE4UINIT.EXE, which tried to access HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\ENABLE BROWSER EXTENSIONS, violating the rule "Web Control - Protect plug-in registry keys and values", and was blocked. For information about how to respond to this event, see KB85494.

McAfee 的签名证书不符合 Cylance 证书，需要更新。

此问题已在适用于 Windows 的 Dell Endpoint Security Suite Enterprise v3.0 中得到解决。

要联系支持部门，请参阅 Dell Data Security 国际支持电话号码。
转至 TechDirect，在线生成技术支持请求。
要获得更多见解和资源，请加入戴尔安全社区论坛。