Product guide

System access point violations
When a system access point is violated, the action taken depends on how the rule was
configured.
If the rule was configured to:
Report — Information is recorded in the log file.
Block — Access is denied.
Review the log file to determine which system access points were violated and which rules
detected the violations, then configure the access protection rules to allow users access to
legitimate items and prevent users from accessing protected items.
Use these scenarios to decide which action to take as a response.
Detection type: Unwanted processes
Scenarios:
- If the rule reported the violation in the log file, but did not block the violation, select
  the Block option for the rule.
- If the rule blocked the violation, but did not report the violation in the log file, select
  the Report option for the rule.
- If the rule blocked the violation and reported it in the log file, no action is necessary.
- If you find an unwanted process that was not detected, edit the rule to include it
  as blocked.

Detection type: Legitimate processes
Scenarios:
- If the rule reported the violation in the log file, but did not block the violation,
  deselect the Report option for the rule.
- If the rule blocked the violation and reported it in the log file, edit the rule to exclude
  the legitimate process from being blocked.

Buffer overflow detections
When a buffer overflow detection occurs, the scanner blocks the detection and a message is
recorded in the On-Access Scan Messages dialog box. You can view the dialog box, then
decide whether to take any additional actions.
The actions you can take include:
Removing the message — Select the item in the list, then click Remove.
Creating an exclusion — If the detected process is one that you legitimately use, or a
false positive, create an exclusion using the information in the On-Access Scan Messages
dialog box. Review the information in the Name column to determine the name of the
process that owns the writable memory that is making the call. Use the process name to
create an exclusion.
Submitting a sample to McAfee Labs for analysis — If the scanner detects something
that you think it should not detect, or does not detect something that you think it should,
you can send a sample to McAfee Labs.

Unwanted program detections
The on-access, on-demand, and email scanners detect unwanted programs based on the
Unwanted Programs Policy you configured. When a detection occurs, the scanner that
detected the potentially unwanted program applies the action that you configured on the Actions
tab for that scanner.
Part III - Response: Handling Threats
Detections and responses
McAfee VirusScan Enterprise 8.8 Product Guide